{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T16:32:55Z","timestamp":1781022775983,"version":"3.54.1"},"reference-count":35,"publisher":"Oxford University Press (OUP)","issue":"9","license":[{"start":{"date-parts":[[2021,5,31]],"date-time":"2021-05-31T00:00:00Z","timestamp":1622419200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/open_access\/funder_policies\/chorus\/standard_publication_model"}],"funder":[{"DOI":"10.13039\/501100011395","name":"Major Science and Technology Program for Water Pollution Control and Treatment","doi-asserted-by":"publisher","award":["2018YFB1800202"],"award-info":[{"award-number":["2018YFB1800202"]}],"id":[{"id":"10.13039\/501100011395","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100011395","name":"Major Science and Technology Program for Water Pollution Control and Treatment","doi-asserted-by":"publisher","award":["2017YFB0803001"],"award-info":[{"award-number":["2017YFB0803001"]}],"id":[{"id":"10.13039\/501100011395","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100011395","name":"Major Science and Technology Program for Water Pollution Control and Treatment","doi-asserted-by":"publisher","award":["2018YFB0804703"],"award-info":[{"award-number":["2018YFB0804703"]}],"id":[{"id":"10.13039\/501100011395","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61571144"],"award-info":[{"award-number":["61571144"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1836117"],"award-info":[{"award-number":["U1836117"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,9,16]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Millions of new domain names are registered every day, but a large proportion of them are malicious and usually discovered and blacklisted after the crime has been committed. In order to improve the security of domain name registration, this paper proposes a lightweight detection method based on the AdaBoost to identify malicious domain names, which focuses on proactively detecting malicious domain names by exploring the abnormal WHOIS records. The domain name registries and registrars can adopt the proposed method as the first layer of defense to identify malicious domains on the domain registration stage. Extensive experiments on a large-scale database demonstrate that the proposed approach achieves satisfactory results on various malicious domain names.<\/jats:p>","DOI":"10.1093\/comjnl\/bxab062","type":"journal-article","created":{"date-parts":[[2021,5,26]],"date-time":"2021-05-26T11:10:51Z","timestamp":1622027451000},"page":"2262-2275","source":"Crossref","is-referenced-by-count":10,"title":["Detecting Malicious Domain Names with Abnormal WHOIS Records Using Feature-Based Rules"],"prefix":"10.1093","volume":"65","author":[{"given":"Yanan","family":"Cheng","sequence":"first","affiliation":[{"name":"Faculty of Computing , Harbin Institute of Technology, Harbin, Heilongjiang Province, 150001, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tingting","family":"Chai","sequence":"additional","affiliation":[{"name":"Faculty of Computing , Harbin Institute of Technology, Harbin, Heilongjiang Province, 150001, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zhaoxin","family":"Zhang","sequence":"additional","affiliation":[{"name":"Faculty of Computing , Harbin Institute of Technology, Harbin, Heilongjiang Province, 150001, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Keyu","family":"Lu","sequence":"additional","affiliation":[{"name":"Faculty of Computing , Harbin Institute of Technology, Harbin, Heilongjiang Province, 150001, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yuejin","family":"Du","sequence":"additional","affiliation":[{"name":"Qihoo 360 Technology Co. Ltd , Beijing, 100000, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"286","published-online":{"date-parts":[[2021,5,31]]},"reference":[{"key":"2022091610474642100_ref1","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1145\/2063176.2063197","article-title":"The state of phishing attacks","volume":"55","author":"Hong","year":"2012","journal-title":"Commun. ACM"},{"key":"2022091610474642100_ref2","volume-title":"Safe browsing API","author":"Google","year":"2020"},{"key":"2022091610474642100_ref3","volume-title":"Malwarebytes browser guard","author":"hphosts online","year":"2020"},{"key":"2022091610474642100_ref4","first-page":"539","article-title":"Analyzing spatial structure of IP addresses for detecting malicious websites","volume":"21","author":"Chiba","year":"2013","journal-title":"J. Inf. Process."},{"key":"2022091610474642100_ref5","first-page":"151","article-title":"Conficker and Beyond: A Large-Scale Empirical Study","volume-title":"Proc. 26th Annual Computer Security Applications Conf.","author":"Shin","year":"2010"},{"key":"2022091610474642100_ref6","doi-asserted-by":"crossref","first-page":"1245","DOI":"10.1145\/1557019.1557153","article-title":"Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs","volume-title":"Proc. 15th ACM SIGKDD Int. Conf. Knowledge Discovery and Data Mining","author":"Ma","year":"2009"},{"key":"2022091610474642100_ref7","article-title":"URLNet: Learning a URL representation with deep learning for malicious URL detection","author":"Le","year":"2018"},{"key":"2022091610474642100_ref8","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1145\/1879141.1879148","article-title":"Detecting Algorithmically Generated Malicious Domain Names","volume-title":"Proc. 10th ACM SIGCOMM Conf. Internet Measurement","author":"Yadav","year":"2010"},{"key":"2022091610474642100_ref9","doi-asserted-by":"crossref","first-page":"1355","DOI":"10.3233\/JIFS-169431","article-title":"Detecting malicious domain names using deep learning approaches at scale","volume":"34","author":"Vinayakumar","year":"2018","journal-title":"J. Intell. Fuzzy Syst."},{"key":"2022091610474642100_ref10","first-page":"1","article-title":"EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis","volume-title":"NDSS","author":"Bilge","year":"2011"},{"key":"2022091610474642100_ref11","doi-asserted-by":"publisher","first-page":"545","DOI":"10.1080\/17517575.2019.1644673","article-title":"DNS rule-based schema to botnet detection","volume":"15","author":"Alieyan","year":"2019","journal-title":"Enterp. Inf. Syst."},{"key":"2022091610474642100_ref12","doi-asserted-by":"crossref","first-page":"15196","DOI":"10.1109\/ACCESS.2019.2892066","article-title":"Phishing website detection based on multidimensional features driven by deep learning","volume":"7","author":"Yang","year":"2019","journal-title":"IEEE Access"},{"key":"2022091610474642100_ref13","doi-asserted-by":"crossref","DOI":"10.1201\/b12207","volume-title":"Ensemble Methods: Foundations and Algorithms","author":"Zhou","year":"2012"},{"key":"2022091610474642100_ref14","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1006\/jcss.1997.1504","article-title":"A decision-theoretic generalization of on-line learning and an application to boosting","volume":"55","author":"Freund","year":"1997","journal-title":"J. Comput. Syst. Sci."},{"key":"2022091610474642100_ref15","article-title":"A Proposal of the AdaBoost-Based Detection of Phishing Sites","volume-title":"Proc. Joint Workshop on Information Security","author":"Miyamoto","year":"2007"},{"key":"2022091610474642100_ref16","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1002\/widm.8","article-title":"Classification and regression trees","volume":"1","author":"Loh","year":"2011","journal-title":"Wiley Interdiscip. Rev. Data Min. Knowl. Discov."},{"key":"2022091610474642100_ref17","first-page":"1","article-title":"Mining DNS for Malicious Domain Registrations","volume-title":"6th Int. Conf. Collaborative Computing: Networking, Applications and Worksharing","author":"He","year":"2010"},{"key":"2022091610474642100_ref18","first-page":"18","article-title":"Classification and regression by randomForest","volume":"2","author":"Liaw","year":"2002","journal-title":"R News"},{"key":"2022091610474642100_ref19","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1109\/ECRIME.2014.6963163","article-title":"Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page","volume-title":"2014 APWG Symposium on Electronic Crime Research (eCrime)","author":"Gupta","year":"2014"},{"key":"2022091610474642100_ref20","doi-asserted-by":"crossref","first-page":"369","DOI":"10.1145\/2815675.2815693","article-title":"Who is.com? Learning to Parse WHOIS Records","volume-title":"Proc. 2015 Internet Measurement Conf.","author":"Liu","year":"2015"},{"key":"2022091610474642100_ref21","volume-title":"Internet assigned numbers authority","author":"Root Zone Database","year":"2020"},{"key":"2022091610474642100_ref22","first-page":"639","article-title":"CANTINA: A Content-Based Approach to Detecting Phishing Web Sites","volume-title":"Proc. 16th Int. Conf. World Wide Web","author":"Zhang","year":"2007"},{"key":"2022091610474642100_ref23","doi-asserted-by":"crossref","first-page":"1990","DOI":"10.1109\/ICC.2013.6654816","article-title":"Protect Sensitive Sites from Phishing Attacks Using Features Extractable from Inaccessible Phishing URLs","volume-title":"2013 IEEE Int. Conf. Communications (ICC)","author":"Chu","year":"2013"},{"key":"2022091610474642100_ref24","volume-title":"Administrative divisions of China","author":"Wikipedia","year":"2020"},{"key":"2022091610474642100_ref25","volume-title":"Provinces of China","author":"Wikipedia","year":"2020"},{"key":"2022091610474642100_ref26","volume-title":"List of cities in China","author":"Wikipedia","year":"2020"},{"key":"2022091610474642100_ref27","volume-title":"List of postal codes in China","author":"Wikipedia","year":"2020"},{"key":"2022091610474642100_ref28","volume-title":"Telephone numbers in China","author":"Wikipedia","year":"2020"},{"key":"2022091610474642100_ref29","volume-title":"China telecom network numbering plan","author":"Information and Communications Administration","year":"2020"},{"key":"2022091610474642100_ref30","article-title":"A Study of WHOIS Privacy and Proxy Service Abuse","volume-title":"13th Workshop on the Economics of Information Security","author":"Clayton","year":"2014"},{"key":"2022091610474642100_ref31","doi-asserted-by":"crossref","first-page":"691","DOI":"10.1109\/SP.2016.47","article-title":"Domain-Z: 28 Registrations Later Measuring the Exploitation of Residual Trust in Domains","volume-title":"2016 IEEE Symposium on Security and Privacy (SP)","author":"Lever","year":"2016"},{"key":"2022091610474642100_ref32","doi-asserted-by":"crossref","first-page":"247","DOI":"10.1145\/2987443.2987463","article-title":"WHOIS Lost in Translation: (Mis) Understanding Domain Name Expiration and Re-Registration","volume-title":"Proc. 2016 Internet Measurement Conf.","author":"Lauinger","year":"2016"},{"key":"2022091610474642100_ref33","volume-title":"Temporary specification for gTLD registration data","author":"ICANN","year":"2020"},{"key":"2022091610474642100_ref34","volume-title":"eNom and LegitScript LLC announce agreement to identify customers operating illegal online pharmacies","author":"Business Wire","year":"2010"},{"key":"2022091610474642100_ref35","volume-title":"GoDaddy help form group to fight fake online pharmacies","author":"Google","year":"2010"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/65\/9\/2262\/45882186\/bxab062.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/65\/9\/2262\/45882186\/bxab062.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,16]],"date-time":"2022-09-16T10:48:37Z","timestamp":1663325317000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/65\/9\/2262\/6281305"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,31]]},"references-count":35,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2021,5,31]]},"published-print":{"date-parts":[[2022,9,16]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxab062","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"value":"0010-4620","type":"print"},{"value":"1460-2067","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2022,9]]},"published":{"date-parts":[[2021,5,31]]}}}