Heterogeneous Graph Attention Network for Malicious Domain Detection

Zhiping Li, Fangfang Yuan, Yanbing Liu, Cong Cao, Fang Fang, Jianlong Tan

Published: 2022, Last Modified: 20 Mar 2026 | ICANN (2) 2022 | CC BY-SA 4.0
Abstract: The Domain Name System (DNS) is a basic part of the Internet infrastructure, but it is also abused by attackers in various cybercrimes, making the task of malicious domain detection increasingly important. Most previous detection methods are feature-based. However, feature-based methods can be easily circumvented by attackers. To solve this issue, some recent research uses associations among domains to identify malicious domains, yet without jointly considering both the importance of local neighbors and the importance of global semantic information. In this paper, we present HANDom, a robust and accurate malicious domain detection system based on a heterogeneous graph attention network. In HANDom, we first model the DNS scene as a heterogeneous information network (HIN) including domains, clients, IP addresses and their relationships, to capture implicit relationships between domains. Then, we use a hierarchical attention mechanism to learn the importance of different meta-path-based neighbors as well as the importance of different meta-paths to the current domain node. Extensive experiments are carried out on a real DNS dataset, and the results show that our system outperforms the state-of-the-art methods.