DNS dataset for malicious domains detection

Marques, Claudio; Malta, Silvestre; Magalhaes, Joao Paulo

doi:10.1016/j.dib.2021.107342

Cited by 11 publications

(3 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use a public dataset in this study that has been collected and processed by Marques et al [19]. The dataset contains approximately 90,000 malicious and non-malicious domain name samples of equal size.…”

Section: Datasetmentioning

confidence: 99%

A Unified Learning Approach for Malicious Domain Name Detection

Wagan,

Li,

Zaland

et al. 2023

Axioms

View full text Add to dashboard Cite

The DNS firewall plays an important role in network security. It is based on a list of known malicious domain names, and, based on these lists, the firewall blocks communication with these domain names. However, DNS firewalls can only block known malicious domain names, excluding communication with unknown malicious domain names. Prior research has found that machine learning techniques are effective for detecting unknown malicious domain names. However, those methods have limited capabilities to learn from both textual and numerical data. To solve this issue, we present a novel unified learning approach that uses both numerical and textual features of the domain name to classify whether a domain name pair is malicious or not. The experiments were conducted on a benchmark domain names dataset consisting of 90,000 domain names. The experimental results show that the proposed approach performs significantly better than the six comparative methods in terms of accuracy, precision, recall, and F1-Score.

show abstract

Section: Datasetmentioning

confidence: 99%

A Unified Learning Approach for Malicious Domain Name Detection

Wagan,

Li,

Zaland

et al. 2023

Axioms

View full text Add to dashboard Cite

show abstract

“…The dataset used in this study was released by Marques et al [34] in 2021 to classify the data sample as malicious or non-malicious. It was created from DNS logs, where the non-malicious domain were acquired from Rapid7 Labs [35] and the malicious domains from SANS Internet Storm Center (SANS) public list [36].…”

Section: Dataset Descriptionmentioning

confidence: 99%

Interpretable Machine Learning Models for Malicious Domains Detection Using Explainable Artificial Intelligence (XAI)

et al. 2022

View full text Add to dashboard Cite

With the expansion of the internet, a major threat has emerged involving the spread of malicious domains intended by attackers to perform illegal activities aiming to target governments, violating privacy of organizations, and even manipulating everyday users. Therefore, detecting these harmful domains is necessary to combat the growing network attacks. Machine Learning (ML) models have shown significant outcomes towards the detection of malicious domains. However, the “black box” nature of the complex ML models obstructs their wide-ranging acceptance in some of the fields. The emergence of Explainable Artificial Intelligence (XAI) has successfully incorporated the interpretability and explicability in the complex models. Furthermore, the post hoc XAI model has enabled the interpretability without affecting the performance of the models. This study aimed to propose an Explainable Artificial Intelligence (XAI) model to detect malicious domains on a recent dataset containing 45,000 samples of malicious and non-malicious domains. In the current study, initially several interpretable ML models, such as Decision Tree (DT) and Naïve Bayes (NB), and black box ensemble models, such as Random Forest (RF), Extreme Gradient Boosting (XGB), AdaBoost (AB), and Cat Boost (CB) algorithms, were implemented and found that XGB outperformed the other classifiers. Furthermore, the post hoc XAI global surrogate model (Shapley additive explanations) and local surrogate LIME were used to generate the explanation of the XGB prediction. Two sets of experiments were performed; initially the model was executed using a preprocessed dataset and later with selected features using the Sequential Forward Feature selection algorithm. The results demonstrate that ML algorithms were able to distinguish benign and malicious domains with overall accuracy ranging from 0.8479 to 0.9856. The ensemble classifier XGB achieved the highest result, with an AUC and accuracy of 0.9991 and 0.9856, respectively, before the feature selection algorithm, while there was an AUC of 0.999 and accuracy of 0.9818 after the feature selection algorithm. The proposed model outperformed the benchmark study.

show abstract

“…We investigate which type of fea-tures leads to more accurate classification results (i.e., does the feature category affect the classification accuracy of domain names?). Using a recent DNS dataset [26], five machine learning algorithms are trained separately using one of the three feature categories: hostbased, lexicalbased, and a combination of both. Then, we explore feature importance using four feature importance measures to answer the question of what are the most influential features in the automatic detection of malicious domain names.…”

Section: Introductionmentioning

confidence: 99%

Improved Detection of Malicious Domain Names Using Gradient Boosted Machines and Feature Engineering

Alhogail¹,

Al-Turaiki

2022

ITC

View full text Add to dashboard Cite

Malicious domain names have been commonly used in recent years to launch different cyber-attacks. There are a large number of malicious domains that are registered every day and some of which are only active for brief periods of time. Therefore, the automated malicious domain names detection is needed to provide security for individuals and organisations. As new technologies continue to emerge, the detection of malicious domain names remains a challenging task. In this study, we propose a model to effectively detect malicious domain names. This is done by evaluating the performance of several machine learning algorithms and feature importance measures using a recent DNS dataset. Based on the empirical evaluation, the gradient boosted machines GBM classiﬁcation with a combination of lexical and host-based features produce the most accurate detection rates of 98.8% accuracy and a low false positive rate of 0.003. In terms of feature importance, measures used in this study agree on the importance of six features, ﬁve of which are lexical in nature. Furthermore, to make the best out of these relevant features, we apply automatic feature engineering. Our results show that preprocessing the dataset using deep feature synthesis and then reducing the dimensionality improves the classiﬁcations performance as compared to using raw features. The results of this study are then veriﬁed using a challenging category of domain names, the domain generation algorithm dataset, and consistent results are obtained.

show abstract

DNS dataset for malicious domains detection

Cited by 11 publications

References 1 publication

A Unified Learning Approach for Malicious Domain Name Detection

A Unified Learning Approach for Malicious Domain Name Detection

Interpretable Machine Learning Models for Malicious Domains Detection Using Explainable Artificial Intelligence (XAI)

Improved Detection of Malicious Domain Names Using Gradient Boosted Machines and Feature Engineering

Contact Info

Product

Resources

About