MC-Det: Multi-channel representation fusion for malicious domain name detection

As the essential fundamental infrastructure of the current network, the Domain Name System is widely abused by cyber attackers, malicious domain detection has become a crucial task in combating cyber crime. Most existing methods focus on local attributes, treating each domain name individually. Alternatively, they prioritize global associations among domain names, but ignore the attributes of the domains themselves, allowing malicious domain names to survive through sophisticated evasion techniques. In this paper, we propose MC-Det, a hybrid framework for detecting malicious domain names by fusing a Multi-channel representation of domain names. MC-Det first abstracts the domain name resolution process into three spatially independent information channels: Attribute space, which contains the intrinsic information in the domain name string itself, Constraint space, which involves the potential constraints imposed on the network activity behind the domain name, Topological space, which represents the actual usage and deployment of the domain name. Subsequently, it generates proper embedding representations of domain names for each channel. This novel Multi-channel representation provides a comprehensive understanding of domain name resolution process. Finally, a Multi-channel fusion strategy employing by attention mechanism is used to generate the final representation of domain names for the classifier, making MC-Det suitable for malicious domain name detection in different application scenarios. Experimental results demonstrate that MC-Det outperforms other state-of-the-art techniques, while only utilizing the resource information revealed in the domain name resolution phase.