Abstract: Malicious domains are a key resource for adversaries carrying out cyber attacks and, in turn, a crucial indicator for detecting network intrusions. In practice, malicious domains belonging to many different attacks are intermingled in DNS traffic, which causes the performance of machine learning-based detection methods to vary. To address this challenge, we collected 12 months of DNS traffic from a real-world large-scale network serving 1 million users. From this dataset we extracted a large set of requested domain names, covering 267 attacks that relied on malicious domains. We further observed that the distinct properties of the malicious domains used by different attacks are what cause the fluctuating performance of machine learning-based detection models. We therefore introduce a spatiotemporal hypergraph network model that establishes high-order relationships among domain properties in order to improve the generalization capability and robustness of the detector. Extensive experiments show that our model performs strongly, with an average precision of 97% and an average recall of 98%.