A Unified Learning Approach for Malicious Domain Name Detection
Author:
Wagan Atif Ali (1), Li Qianmu (1), Zaland Zubair (2), Marjan Shah (2), Bozdar Dadan Khan (3), Hussain Aamir (4), Mirza Aamir Mehmood (3), Baryalai Mehmood (3)
Affiliation:
1. School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China
2. Department of Software Engineering, Balochistan University of Information Technology Engineering and Management Sciences, Quetta 87300, Pakistan
3. Department of Computer Science, Balochistan University of Information Technology Engineering and Management Sciences, Quetta 87300, Pakistan
4. Department of Computer Science, Muhammad Nawaz Shareef University of Agriculture Multan, Multan 60000, Pakistan
Abstract
The DNS firewall plays an important role in network security. It relies on lists of known malicious domain names and blocks communication with the domain names on those lists. However, DNS firewalls can only block known malicious domain names; communication with unknown malicious domain names is not blocked. Prior research has found that machine learning techniques are effective for detecting unknown malicious domain names. However, those methods have limited capabilities to learn from both textual and numerical data. To solve this issue, we present a novel unified learning approach that uses both numerical and textual features of the domain name to classify whether a domain name pair is malicious or not. The experiments were conducted on a benchmark domain names dataset consisting of 90,000 domain names. The experimental results show that the proposed approach performs significantly better than the six comparative methods in terms of accuracy, precision, recall, and F1-Score.
Funder
Research on the Key Technology of Endogenous Security Switches New Network Equipment Based on Independent Programmable Chips 2020 Industrial Internet Innovation and Development Project from Ministry of Industry and Information Technology of China Fundamental Research Fund for the Central Universities 2019 Industrial Internet Innovation and Development Project from Ministry of Industry and Information Technology of China Jiangsu Province Modern Education Technology Research Project National Vocational Education Teacher Enterprise Practice Base “Integration of Industry and Education” Special Project Scientific research project of Nanjing Vocational University of Industry Technology
Subject
Geometry and Topology, Logic, Mathematical Physics, Algebra and Number Theory, Analysis
Reference
31 articles.
Cited by
5 articles.