Yi Gao, Fangfang Yuan, Cong Cao, Majing Su, Dakui Wang, Yanbing Liu
Title: Few-shot Malicious Domain Detection on Heterogeneous Graph with Meta-learning
DOI: 10.1109/CSCWD57460.2023.10152708 (https://doi.org/10.1109/CSCWD57460.2023.10152708)
Journal: Computer Supported Cooperative Work-The Journal of Collaborative Computing, volume 62 1, pages 727-732
Publication date: 2023-05-24
Publication type: Journal Article
Impact factor: 2.0; JCR: Q3 (COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS)
Citations: 0
Abstract
The Domain Name System (DNS), one of the essential basic services on the Internet, is often abused by attackers to launch various cyber attacks, such as phishing and spamming. Researchers have proposed many machine learning-based and deep learning-based methods to detect malicious domains. However, these methods rely on a large-scale dataset with labeled samples for model training, whereas labeled domain samples are limited in real-world DNS datasets. In this paper, we propose a few-shot malicious domain detection model named MetaDom, which employs a meta-learning algorithm for model optimization. Specifically, we first model the DNS scenario as a heterogeneous graph (HG) to capture richer information by analysing the complex relations among domains, IP addresses and clients. Then, we learn the domain representations with a heterogeneous graph neural network on the DNS HG. Finally, considering that only a few labeled data are available in the real-world DNS scenario, a meta-learning algorithm with knowledge distillation is introduced to optimize the model. Extensive experiments on the real DNS dataset show that MetaDom outperforms other state-of-the-art methods.
About the journal:
Computer Supported Cooperative Work (CSCW): The Journal of Collaborative Computing and Work Practices is devoted to innovative research in computer-supported cooperative work (CSCW). It provides an interdisciplinary and international forum for the debate and exchange of ideas concerning theoretical, practical, technical, and social issues in CSCW.
The CSCW Journal arose in response to the growing interest in the design, implementation and use of technical systems (including computing, information, and communications technologies) which support people working cooperatively, and its scope remains to encompass the multifarious aspects of research within CSCW and related areas.
The CSCW Journal focuses on research oriented towards the development of collaborative computing technologies on the basis of studies of actual cooperative work practices (where ‘work’ is used in the wider sense). That is, it welcomes in particular submissions that (a) report on findings from ethnographic or similar kinds of in-depth fieldwork of work practices with a view to their technological implications, (b) report on empirical evaluations of the use of extant or novel technical solutions under real-world conditions, and/or (c) develop technical or conceptual frameworks for practice-oriented computing research based on previous fieldwork and evaluations.