MDD-FedGNN: A vertical federated graph learning framework for malicious domain detection

IF 4.8 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2024-08-31 DOI:10.1016/j.cose.2024.104093
Sanfeng Zhang , Qingyu Hao , Zijian Gong , Fengzhou Zhu , Yan Wang , Wang Yang
{"title":"MDD-FedGNN: A vertical federated graph learning framework for malicious domain detection","authors":"Sanfeng Zhang ,&nbsp;Qingyu Hao ,&nbsp;Zijian Gong ,&nbsp;Fengzhou Zhu ,&nbsp;Yan Wang ,&nbsp;Wang Yang","doi":"10.1016/j.cose.2024.104093","DOIUrl":null,"url":null,"abstract":"<div><p>The domain name system (DNS) serves as a fundamental component of the Internet infrastructure, but it is also exploited by attackers in various cyber-crimes, underscoring the significance of malicious domain detection (MDD). Recent advances show that graph-based models exhibit potential for inferring malicious domains and demonstrate superior performance. However, acquiring large-scale and high-quality graph datasets for MDD proves challenging for individual security institutes. Hence, a promising research direction involves employing vertical federated graph learning scheme to unite diverse security institutes and enhance local datasets resulting in more robust and powerful detection models. Nonetheless, directly applying vertical federated graph neural networks for MDD confronts challenges posed by noisy labels and noisy edges among security institutes, which ultimately diminish detection performance. This paper introduces a novel vertical federated learning framework, called MDD-FedGNN, that applies contrastive learning with two different encoders to deal with noisy labels and employs a new loss function based on the information bottleneck theory to handle noisy edges. Comparative experiments are conducted on a publicly available DNS dataset to evaluate the effectiveness of MDD-FedGNN in addressing the challenges of noisy labels and edges in vertical federated graph learning. The results demonstrate that MDD-FedGNN outperforms baseline methods, confirming the feasibility of training more powerful malicious domain detection models through data sharing and vertical federated learning among different security agencies.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"147 ","pages":"Article 104093"},"PeriodicalIF":4.8000,"publicationDate":"2024-08-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003985","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

The domain name system (DNS) serves as a fundamental component of the Internet infrastructure, but it is also exploited by attackers in various cyber-crimes, underscoring the significance of malicious domain detection (MDD). Recent advances show that graph-based models exhibit potential for inferring malicious domains and demonstrate superior performance. However, acquiring large-scale and high-quality graph datasets for MDD proves challenging for individual security institutes. Hence, a promising research direction involves employing vertical federated graph learning scheme to unite diverse security institutes and enhance local datasets resulting in more robust and powerful detection models. Nonetheless, directly applying vertical federated graph neural networks for MDD confronts challenges posed by noisy labels and noisy edges among security institutes, which ultimately diminish detection performance. This paper introduces a novel vertical federated learning framework, called MDD-FedGNN, that applies contrastive learning with two different encoders to deal with noisy labels and employs a new loss function based on the information bottleneck theory to handle noisy edges. Comparative experiments are conducted on a publicly available DNS dataset to evaluate the effectiveness of MDD-FedGNN in addressing the challenges of noisy labels and edges in vertical federated graph learning. The results demonstrate that MDD-FedGNN outperforms baseline methods, confirming the feasibility of training more powerful malicious domain detection models through data sharing and vertical federated learning among different security agencies.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
MDD-FedGNN:用于恶意域检测的垂直联合图学习框架
域名系统(DNS)是互联网基础设施的基本组成部分,但在各种网络犯罪中也被攻击者利用,这凸显了恶意域名检测(MDD)的重要性。最近的研究进展表明,基于图的模型在推断恶意域方面具有潜力,并表现出卓越的性能。然而,对于各个安全机构来说,为 MDD 获取大规模和高质量的图数据集具有挑战性。因此,一个很有前途的研究方向是采用垂直联合图学习方案,将不同的安全机构联合起来,增强本地数据集,从而建立更稳健、更强大的检测模型。然而,将垂直联合图神经网络直接应用于 MDD 面临着安全机构间噪声标签和噪声边所带来的挑战,最终会降低检测性能。本文介绍了一种名为 MDD-FedGNN 的新型垂直联合学习框架,该框架采用两种不同编码器的对比学习来处理噪声标签,并采用基于信息瓶颈理论的新损失函数来处理噪声边缘。我们在一个公开的 DNS 数据集上进行了对比实验,以评估 MDD-FedGNN 在应对垂直联合图学习中的噪声标签和边缘挑战方面的有效性。结果表明,MDD-FedGNN 优于基线方法,证实了通过不同安全机构之间的数据共享和垂直联合学习来训练更强大的恶意域检测模型的可行性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Computers & Security
Computers & Security 工程技术-计算机:信息系统
CiteScore
12.40
自引率
7.10%
发文量
365
审稿时长
10.7 months
期刊介绍: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
期刊最新文献
Palm vein template protection scheme for resisting similarity attack A reliability anomaly detection method based on enhanced GRU-Autoencoder for Vehicular Fog Computing services A cyber-resilient open architecture for drone control AECR: Automatic attack technique intelligence extraction based on fine-tuned large language model CD-Net: Robust mobile traffic classification against apps updating
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1