Fast-Flux Malicious Domain Name Detection Method Based on Domain Resolution Spatial Features

Shaojie Chen, Bo Lang, Chong Xie

2023

Abstract

Fast-Flux malicious domain names evade detection by quickly changing the resolved IP addresses of the domain name, and play an important role in cyberattacks. In order to improve the performance of Fast-Flux domain name detection, this paper explores and uses the rich spatial features contained in the domain name resolution process, and proposes a Fast-Flux malicious domain name detection method based on domain resolution spatial features. In this method, the CNAMEs and IPs in the resolution results obtained by multiple requests are used as nodes to construct the resolution spatial relationship graph (RSRG). Then the NS record of the second-level domain name, the geographical locations and Autonomous System Numbers of the resolved IPs, and the WHOIS information of the domain name are further extracted as the node features in the RSRG. Finally, a GCN model with a max pooling algorithm is used to extract spatial features from the RSRG and perform classification. Our method achieves an accuracy of 94.98% and an F1 value of 92.02% on the self-constructed dataset, and the overall performance is significantly better than the current best methods.


Paper Citation


in Harvard Style

Chen S., Lang B. and Xie C. (2023). Fast-Flux Malicious Domain Name Detection Method Based on Domain Resolution Spatial Features. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 240-251. DOI: 10.5220/0011872700003405


in Bibtex Style

@conference{icissp23,
author={Shaojie Chen and Bo Lang and Chong Xie},
title={Fast-Flux Malicious Domain Name Detection Method Based on Domain Resolution Spatial Features},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2023},
pages={240-251},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011872700003405},
isbn={978-989-758-624-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Fast-Flux Malicious Domain Name Detection Method Based on Domain Resolution Spatial Features
SN - 978-989-758-624-8
AU - Chen S.
AU - Lang B.
AU - Xie C.
PY - 2023
SP - 240
EP - 251
DO - 10.5220/0011872700003405