Author
Listed:
- Xi Luo
(Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China
These authors contributed equally to this work.)
- Yixin Li
(Big Data Center of State Grid Corporation of China, Xicheng District, Beijing 100052, China
These authors contributed equally to this work.)
- Hongyuan Cheng
(Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China
These authors contributed equally to this work.)
- Lihua Yin
(Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China)
Abstract
Domain Name System (DNS) plays an infrastructure role in providing the directory service for mapping domains to IPs on the Internet. Considering the foundation and openness of DNS, it is not surprising that adversaries register massive domains to enable multiple malicious activities, such as spam, command and control (C&C), malware distribution, click fraud, etc. Therefore, detecting malicious domains is a significant topic in security research. Although a substantial quantity of research has been conducted, previous work has failed to fuse multiple relationship features to uncover the deep underlying relationships between domains, thus largely limiting their level of performance. In this paper, we proposed AGCN-Domain to detect malicious domains by combining various relations. The core concept behind our work is to analyze relations between domains according to their behaviors in multiple perspectives and fuse them intelligently. The AGCN-Domain model utilizes three relationships (client relation, resolution relation, and cname relation) to construct three relationship feature graphs to extract features and intelligently fuse the features extracted from the graphs through an attention mechanism. After the relationship features are extracted from the domain names, they are put into the trained classifier to be processed. Through our experiments, we have demonstrated the performance of our proposed AGCN-Domain model. With 10% initialized labels in the dataset, our AGCN-Domain model achieved an accuracy of 94.27% and the F1 score of 87.93% , significantly outperforming other methods in the comparative experiments.
Suggested Citation
Xi Luo & Yixin Li & Hongyuan Cheng & Lihua Yin, 2024.
"AGCN-Domain: Detecting Malicious Domains with Graph Convolutional Network and Attention Mechanism,"
Mathematics, MDPI, vol. 12(5), pages 1-16, February.
Handle:
RePEc:gam:jmathe:v:12:y:2024:i:5:p:640-:d:1343494
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jmathe:v:12:y:2024:i:5:p:640-:d:1343494. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.