AGCN-Domain: Detecting Malicious Domains with Graph Convolutional Network and Attention Mechanism-Reference-Cited by-同舟云学术

AGCN-Domain: Detecting Malicious Domains with Graph Convolutional Network and Attention Mechanism

Published:2024-02-22 Issue:5 Volume:12 Page:640
ISSN:2227-7390
Container-title:Mathematics
language:en
Short-container-title:Mathematics

Author:

Luo Xi¹^ORCID,Li Yixin²,Cheng Hongyuan¹^ORCID,Yin Lihua¹

Affiliation:

1. Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China

2. Big Data Center of State Grid Corporation of China, Xicheng District, Beijing 100052, China

Abstract

Domain Name System (DNS) plays an infrastructure role in providing the directory service for mapping domains to IPs on the Internet. Considering the foundation and openness of DNS, it is not surprising that adversaries register massive domains to enable multiple malicious activities, such as spam, command and control (C&C), malware distribution, click fraud, etc. Therefore, detecting malicious domains is a significant topic in security research. Although a substantial quantity of research has been conducted, previous work has failed to fuse multiple relationship features to uncover the deep underlying relationships between domains, thus largely limiting their level of performance. In this paper, we proposed AGCN-Domain to detect malicious domains by combining various relations. The core concept behind our work is to analyze relations between domains according to their behaviors in multiple perspectives and fuse them intelligently. The AGCN-Domain model utilizes three relationships (client relation, resolution relation, and cname relation) to construct three relationship feature graphs to extract features and intelligently fuse the features extracted from the graphs through an attention mechanism. After the relationship features are extracted from the domain names, they are put into the trained classifier to be processed. Through our experiments, we have demonstrated the performance of our proposed AGCN-Domain model. With 10% initialized labels in the dataset, our AGCN-Domain model achieved an accuracy of 94.27% and the F1 score of 87.93%, significantly outperforming other methods in the comparative experiments.

Funder

National Key R&D Program of China

National Science Foundation of China

Major Key Project of PCL

Publisher

MDPI AG

Link

https://www.mdpi.com/2227-7390/12/5/640/pdf

Reference38 articles.

1. Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., and Feamster, N. (2010, January 11–13). Building a dynamic reputation system for dns. Proceedings of the 19th USENIX Security Symposium (USENIX Security 10), Washington, DC, USA.

2. Exposure: A passive dns analysis service to detect and report malicious domains;Bilge;ACM Trans. Inf. Syst. Secur. (TISSEC),2014

3. Bilge, L., Kirda, E., Kruegel, C., and Balduzzi, M. (2011, January 6–9). Exposure: Finding malicious domains using passive dns analysis. Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS2011), San Diego, CA, USA.

4. Antonakakis, M., Perdisci, R., Lee, W., Vasiloglou, N., and Dagon, D. (2011, January 8–12). Detecting malware domains at the upper dns hierarchy. Proceedings of the 20th USENIX Conference on Security (USENIX Security 11), San Francisco, CA, USA.

5. Chiba, D., Yagi, T., Akiyama, M., Shibahara, T., Yada, T., Mori, T., and Goto, S. (July, January 28). Domainprofiler: Discovering domain names abused in future. Proceedings of the 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Toulouse, France.