Detecting Malicious Domains Using Statistical Internationalized Domain Name Features in Top Level Domains

Abstract: The Domain Name System (DNS) is a core Internet service that translates domain names into IP addresses. It is a distributed database and protocol with many known weaknesses that subject to countless attacks including spoofing attacks, botnets, and domain name registrations. Still, the debate between security and privacy is continuing, that is DNS over TLS or HTTP, and the lack of adoption of DNS security extensions, put users at risk. Consequently, the security of domain names and characterizing malicious websites is becoming a priority. This paper analyzes the difference between the malicious and the normal domain names and uses Python to extract various malicious DNS identifying characteristics. In addition, the paper contributes two categories of features that suppers Internationalized Domain Names and scans domain system using five tools to give it a rating. The overall accuracy of the Random Forest Classifier was 95.6%.