Fast-Flux Malicious Domain Name Detection Method Based on Domain Resolution Spatial Features

Shaojie Chen; Bo Lang; Bo Lang; Chong Xie

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Fast-Flux Malicious Domain Name Detection Method Based on Domain Resolution Spatial Features

Topics: AI and Machine Learning for Security; Data and Software Security; Data Mining and Knowledge Discovery; Intrusion Detection and Response; Security Architecture and Design Analysis

In Proceedings of the 9th International Conference on Information Systems Security and Privacy ICISSP - Volume 1, 240-251, 2023 , Lisbon, Portugal

Authors: Shaojie Chen ¹ ; Bo Lang ^{1

;

2} and Chong Xie ¹

Affiliations: ¹ State Key Laboratory of Software Development Environment, Beihang University, Beijing, China ; ² Zhongguancun Laboratory, Beijing, China

Keyword(s): Fast-Flux Domain Name Detection, Domain Resolution Spatial Features, Resolution Spatial Relationship Graph, GCN, Botnet.

Abstract: Fast-Flux malicious domain names evade detection by quickly changing the resolved IP addresses of the domain name, and play an important role in cyberattacks. In order to improve the performance of the Fast-Flux domain name detection, this paper explores and uses the rich spatial features contained in the domain name resolution process, and proposes a Fast-Flux malicious domain name detection method based on the domain resolution spatial features. In this method, the CNAMEs and IPs in the resolution results obtained by multiple requests are used as nodes to construct the resolution spatial relationship graph (RSRG). Then the NS record of the second-level domain name, Geographical locations and Autonomous System Numbers of the resolved IPs, and WHOIS information of the domain name are further extracted as the node features in the RSRG. Finally, a GCN model with Max Pooling algorithm is used to extract spatial features from RSRG and perform classification. Our method achieves an accura cy of 94.98% and an F1 value of 92.02% on the self-constructed dataset, and the overall performance is significantly better than the current best methods. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.221.52.77

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Chen, S.; Lang, B. and Xie, C. (2023). Fast-Flux Malicious Domain Name Detection Method Based on Domain Resolution Spatial Features. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-624-8; ISSN 2184-4356, SciTePress, pages 240-251. DOI: 10.5220/0011872700003405

@conference{icissp23,
author={Shaojie Chen. and Bo Lang. and Chong Xie.},
title={Fast-Flux Malicious Domain Name Detection Method Based on Domain Resolution Spatial Features},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP},
year={2023},
pages={240-251},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011872700003405},
isbn={978-989-758-624-8},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP
TI - Fast-Flux Malicious Domain Name Detection Method Based on Domain Resolution Spatial Features
SN - 978-989-758-624-8
IS - 2184-4356
AU - Chen, S.
AU - Lang, B.
AU - Xie, C.
PY - 2023
SP - 240
EP - 251
DO - 10.5220/0011872700003405
PB - SciTePress