利用集合学习检测概念漂移的恶意域

IF 4.7 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Network and Service Management Pub Date : 2024-08-01 DOI:10.1109/TNSM.2024.3435516

Pin-Hsuan Chiang;Shi-Chun Tsai

{"title":"利用集合学习检测概念漂移的恶意域","authors":"Pin-Hsuan Chiang;Shi-Chun Tsai","doi":"10.1109/TNSM.2024.3435516","DOIUrl":null,"url":null,"abstract":"In the current landscape of network technology, it is indisputable that the Domain Name System (DNS) plays a vital role but also encounters significant security challenges. Despite the potential of recent advancements in deep learning and machine learning, concept drift is often not addressed. In this work, we designed a DNS anomaly detection system leveraging client-domain associations. We propose the Modified Deterministic Sampling Classifier with weighted Bagging (MDSCB) method, a chunk-based ensemble learning approach addressing concept drift and data imbalance. It integrates weighted bagging, resampling, random feature selection, and a retention strategy for classifier updates, enhancing adaptability and efficiency. We conducted experiments using multiple real-world and synthetic datasets for evaluation. Empirical studies show that our detection system can help identify malicious domains that are difficult for firewalls to detect timely. Moreover, MDSCB outperforms other methods in terms of performance and efficiency.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"21 6","pages":"6796-6809"},"PeriodicalIF":4.7000,"publicationDate":"2024-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Detection of Malicious Domains With Concept Drift Using Ensemble Learning\",\"authors\":\"Pin-Hsuan Chiang;Shi-Chun Tsai\",\"doi\":\"10.1109/TNSM.2024.3435516\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the current landscape of network technology, it is indisputable that the Domain Name System (DNS) plays a vital role but also encounters significant security challenges. Despite the potential of recent advancements in deep learning and machine learning, concept drift is often not addressed. In this work, we designed a DNS anomaly detection system leveraging client-domain associations. We propose the Modified Deterministic Sampling Classifier with weighted Bagging (MDSCB) method, a chunk-based ensemble learning approach addressing concept drift and data imbalance. It integrates weighted bagging, resampling, random feature selection, and a retention strategy for classifier updates, enhancing adaptability and efficiency. We conducted experiments using multiple real-world and synthetic datasets for evaluation. Empirical studies show that our detection system can help identify malicious domains that are difficult for firewalls to detect timely. Moreover, MDSCB outperforms other methods in terms of performance and efficiency.\",\"PeriodicalId\":13423,\"journal\":{\"name\":\"IEEE Transactions on Network and Service Management\",\"volume\":\"21 6\",\"pages\":\"6796-6809\"},\"PeriodicalIF\":4.7000,\"publicationDate\":\"2024-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Network and Service Management\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10620214/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Network and Service Management","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10620214/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

在当前的网络技术格局中，域名系统（DNS）发挥着不可否认的重要作用，但也面临着重大的安全挑战。尽管最近在深度学习和机器学习方面取得了进展，但概念漂移往往没有得到解决。在这项工作中，我们设计了一个利用客户端-域关联的DNS异常检测系统。我们提出了一种基于块的集成学习方法——基于加权Bagging的改进确定性采样分类器（MDSCB）方法，以解决概念漂移和数据不平衡问题。它集成了加权装袋、重采样、随机特征选择和分类器更新的保留策略，增强了适应性和效率。我们使用多个真实世界和合成数据集进行实验进行评估。实证研究表明，我们的检测系统可以帮助识别防火墙难以及时检测的恶意域。此外，MDSCB在性能和效率方面优于其他方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Detection of Malicious Domains With Concept Drift Using Ensemble Learning

In the current landscape of network technology, it is indisputable that the Domain Name System (DNS) plays a vital role but also encounters significant security challenges. Despite the potential of recent advancements in deep learning and machine learning, concept drift is often not addressed. In this work, we designed a DNS anomaly detection system leveraging client-domain associations. We propose the Modified Deterministic Sampling Classifier with weighted Bagging (MDSCB) method, a chunk-based ensemble learning approach addressing concept drift and data imbalance. It integrates weighted bagging, resampling, random feature selection, and a retention strategy for classifier updates, enhancing adaptability and efficiency. We conducted experiments using multiple real-world and synthetic datasets for evaluation. Empirical studies show that our detection system can help identify malicious domains that are difficult for firewalls to detect timely. Moreover, MDSCB outperforms other methods in terms of performance and efficiency.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Network and Service Management Computer Science-Computer Networks and Communications

CiteScore

9.30

自引率

15.10%

发文量

325

期刊介绍： IEEE Transactions on Network and Service Management will publish (online only) peerreviewed archival quality papers that advance the state-of-the-art and practical applications of network and service management. Theoretical research contributions (presenting new concepts and techniques) and applied contributions (reporting on experiences and experiments with actual systems) will be encouraged. These transactions will focus on the key technical issues related to: Management Models, Architectures and Frameworks; Service Provisioning, Reliability and Quality Assurance; Management Functions; Enabling Technologies; Information and Communication Models; Policies; Applications and Case Studies; Emerging Technologies and Standards.