Yabo Wang, Ruizhi Xiao, Jiakun Sun, Shuyuan Jin
Computer Networks (Journal Article), published 2024-10-05. DOI: 10.1016/j.comnet.2024.110847. URL: https://www.sciencedirect.com/science/article/pii/S1389128624006790
MC-Det: Multi-channel representation fusion for malicious domain name detection
As the essential fundamental infrastructure of the current network, the Domain Name System is widely abused by cyber attackers, and malicious domain detection has become a crucial task in combating cyber crime. Most existing methods focus on local attributes, treating each domain name individually. Alternatively, they prioritize global associations among domain names but ignore the attributes of the domains themselves, allowing malicious domain names to survive through sophisticated evasion techniques. In this paper, we propose MC-Det, a hybrid framework for detecting malicious domain names by fusing a multi-channel representation of domain names. MC-Det first abstracts the domain name resolution process into three spatially independent information channels: the Attribute space, which contains the intrinsic information in the domain name string itself; the Constraint space, which involves the potential constraints imposed on the network activity behind the domain name; and the Topological space, which represents the actual usage and deployment of the domain name. Subsequently, it generates proper embedding representations of domain names for each channel. This novel multi-channel representation provides a comprehensive understanding of the domain name resolution process. Finally, a multi-channel fusion strategy employing an attention mechanism is used to generate the final representation of domain names for the classifier, making MC-Det suitable for malicious domain name detection in different application scenarios. Experimental results demonstrate that MC-Det outperforms other state-of-the-art techniques while only utilizing the resource information revealed in the domain name resolution phase.
About the journal:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.