RMD-Graph: Adversarial Attacks Resisting Malicious Domain Detection Based on Dual Denoising
Sanfeng Zhang; Luyao Huang; Zheng Zhang; Wenduan Xu; Wang Yang; Linfeng Liu
IEEE Transactions on Knowledge and Data Engineering, vol. 37, no. 3, pp. 1394-1410. Journal article, published 2024-12-20.
DOI: 10.1109/TKDE.2024.3520798
URL: https://ieeexplore.ieee.org/document/10811765/
Impact factor: 8.9; JCR: Q1 (Computer Science, Artificial Intelligence)
Citations: 0
Abstract
The Domain Name System (DNS) is a critical Internet service that translates domain names into IPs, but it is often targeted by attackers, posing a serious security risk. Graph-based models for detecting malicious domains have shown high performance but are vulnerable to adversarial attacks. To address this issue, we propose RMD-Graph, which is characterized by its ability to resist adversarial attacks and its low dependency on labeled data. A dual denoising module is specifically designed based on two autoencoders to generate the reconstructed graph, where SVD, TOP-k and reconstruction loss are introduced to enhance the denoising capability of autoencoders. Subsequently, residual connections are employed to generate an optimized graph that retains essential information from the original graph. The reconstructed graph and the optimized graph are then utilized as two views for graph contrastive learning, thereby achieving a self-supervised representation learning task without labels. In the downstream malicious domain detection, the denoised node representations are employed for machine learning classification. Extensive experiments are conducted on publicly available DNS datasets, and the results demonstrate that RMD-Graph significantly outperforms known baseline methods, especially in adversarial scenarios.
About the journal:
The IEEE Transactions on Knowledge and Data Engineering encompasses knowledge and data engineering aspects within computer science, artificial intelligence, electrical engineering, computer engineering, and related fields. It provides an interdisciplinary platform for disseminating new developments in knowledge and data engineering and explores the practicality of these concepts in both hardware and software. Specific areas covered include knowledge-based and expert systems, AI techniques for knowledge and data management, tools, and methodologies, distributed processing, real-time systems, architectures, data management practices, database design, query languages, security, fault tolerance, statistical databases, algorithms, performance evaluation, and applications.