A Review On Lexical Based Malicious Domain Name Detection Methods

In 2019, a study conducted by Palo Alto Networks revealed 20 domain names that are largely cybersquatted by attackers. However, media never stopped reporting phishing and identity theft attacks held by third party entities that rely on domain names to mislead Internet users. Domain names are listed in public lists based on their behavior. These lists objectively evaluate the reputation of a domain name. Black lists contain domain names that have previously committed suspicious acts, whereas white lists include the most popular and trustworthy domain names. For a long time, this listing technique has been used as a reactive approach that has the major limitation of responding lately to attacks. Nowadays techniques tend to be much more proactive, they operate before any attack occurs. In this paper, we give a literature review of proactive malicious domain name detection techniques that use only lexical features of domain names. These features are available, privacy preserving and they highly improve detection results. This review covers twelve recent works that report highly good performance classified according to a new taxonomy of malicious domain name detection methods. Moreover, it introduces a new criterion for comparing performance based on targeted maliciousness and discusses limitations of existing work and new emerging research directions.