MC-Det: Multi-channel representation fusion for malicious domain name detection

IF 4.4 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Yabo Wang, Ruizhi Xiao, Jiakun Sun, Shuyuan Jin
{"title":"MC-Det: Multi-channel representation fusion for malicious domain name detection","authors":"Yabo Wang ,&nbsp;Ruizhi Xiao ,&nbsp;Jiakun Sun ,&nbsp;Shuyuan Jin","doi":"10.1016/j.comnet.2024.110847","DOIUrl":null,"url":null,"abstract":"<div><div>As the essential fundamental infrastructure of the current network, the Domain Name System is widely abused by cyber attackers, malicious domain detection has become a crucial task in combating cyber crime. Most existing methods focus on local attributes, treating each domain name individually. Alternatively, they prioritize global associations among domain names, but ignore the attributes of the domains themselves, allowing malicious domain names to survive through sophisticated evasion techniques. In this paper, we propose MC-Det, a hybrid framework for detecting malicious domain names by fusing a Multi-channel representation of domain names. MC-Det first abstracts the domain name resolution process into three spatially independent information channels: Attribute space, which contains the intrinsic information in the domain name string itself, Constraint space, which involves the potential constraints imposed on the network activity behind the domain name, Topological space, which represents the actual usage and deployment of the domain name. Subsequently, it generates proper embedding representations of domain names for each channel. This novel Multi-channel representation provides a comprehensive understanding of domain name resolution process. Finally, a Multi-channel fusion strategy employing by attention mechanism is used to generate the final representation of domain names for the classifier, making MC-Det suitable for malicious domain name detection in different application scenarios. 
Experimental results demonstrate that MC-Det outperforms other state-of-the-art techniques, while only utilizing the resource information revealed in the domain name resolution phase.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"255 ","pages":"Article 110847"},"PeriodicalIF":4.4000,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128624006790","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Citations: 0

Abstract

As the essential fundamental infrastructure of the current network, the Domain Name System is widely abused by cyber attackers, and malicious domain detection has become a crucial task in combating cyber crime. Most existing methods focus on local attributes, treating each domain name individually. Alternatively, they prioritize global associations among domain names but ignore the attributes of the domains themselves, allowing malicious domain names to survive through sophisticated evasion techniques. In this paper, we propose MC-Det, a hybrid framework for detecting malicious domain names by fusing a Multi-channel representation of domain names. MC-Det first abstracts the domain name resolution process into three spatially independent information channels: Attribute space, which contains the intrinsic information in the domain name string itself; Constraint space, which involves the potential constraints imposed on the network activity behind the domain name; and Topological space, which represents the actual usage and deployment of the domain name. Subsequently, it generates proper embedding representations of domain names for each channel. This novel Multi-channel representation provides a comprehensive understanding of the domain name resolution process. Finally, a Multi-channel fusion strategy employing an attention mechanism is used to generate the final representation of domain names for the classifier, making MC-Det suitable for malicious domain name detection in different application scenarios. Experimental results demonstrate that MC-Det outperforms other state-of-the-art techniques, while only utilizing the resource information revealed in the domain name resolution phase.
Source journal
Computer Networks (Engineering & Technology: Telecommunications)
CiteScore: 10.80
Self-citation rate: 3.60%
Articles published: 434
Review time: 8.6 months
Journal description: Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.