Malicious domain name detection model based on CNN-LSTM

Zhang, Jianhui; Sun, Huiping; Wang, Jiao

doi:10.1117/12.2659649

Cited by 5 publications

(4 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To improve the efficiency of domain name character extraction, studies have applied LSTM (long short‐term memory) [10] and CNN (convolutional neural network) [11] to build malicious domain name detection models, such as cost‐sensitive LSTM [12], parallel structured CNN model [13] and CNN combined with LSTM [14]. The deep learning‐based malicious domain name detector can extract the semantic features of domain name strings without manual effort.…”

Section: Related Workmentioning

confidence: 99%

Malicious domain detection based on semi‐supervised learning and parameter optimization

Liao,

Wang

2024

IET Communications

View full text Add to dashboard Cite

Malicious domains provide malware with covert communication channels which poses a severe threat to cybersecurity. Despite the continuous progress in detecting malicious domains with various machine learning algorithms, maintaining up‐to‐date various samples with fine‐labeled data for training is difficult. To handle these issues and improve the detection accuracy, a novel malicious domain detection method named MDND‐SS‐PO is proposed that combines semi‐supervised learning and parameter optimization. The contributions of the study are as follows. First, the method extracts the statistical features of the IP address, TTL value, the NXDomain record, and the domain name query characteristics to discriminate Domain‐Flux and Fast‐Flux domain names simultaneously. Second, an improved DBSCAN based on the neighborhood division is designed to cluster labeled data and unlabeled data with low time consumption. Then, based on the clustering hypothesis, unlabeled data is tagged with pseudo‐label according to the cluster results, which aims to train a supervised classifier effectively. Finally, Gaussian process regression is used to optimize parameter settings of the algorithm. And the Silhouette index and F1 score are introduced to evaluate the optimization results. Experimental results show that the proposed method achieved a precise detection performance of 0.885 when the ratio of labeled data is 5%.

show abstract

Section: Related Workmentioning

confidence: 99%

Malicious domain detection based on semi‐supervised learning and parameter optimization

Liao,

Wang

2024

IET Communications

View full text Add to dashboard Cite

show abstract

“…In 2018, the large-scale text-based Transformer pretraining model BERT came out, which has refreshed a number of records of natural language processing tasks. Zhang and Zhang (2022) applied BERT to the malicious domain name detection task, which strengthens the character's decisionmaking ability for the model and improves the model's detection performance. However, the BERT model is not used to identify malicious web pages based on the text content of web pages.…”

Section: Related Workmentioning

confidence: 99%

An Abnormal External Link Detection Algorithm Based on Multi-Modal Fusion

2024

International Journal of Information Security and Privacy

View full text Add to dashboard Cite

Website link detection is an important means to ensure the security of the external chain. In the past, it was mainly realized through blacklisting and feature engineering-based machine learning, which has the problems of slow detection speed and weak model generalization ability. The development of neural networks has brought a new solution to the security detection of the external chain of the website. To address the performance bottleneck caused by the variable content length of web pages, this article introduces an innovative approach: a website external link security detection algorithm based on multi-modal fusion. It extracts text, dynamic script, and image features separately, and constructs a deep fusion model that combines these multi-modal features. Compared with the previous research results, the proposed method is superior to the traditional single-mode method, and can quickly and accurately identify malicious web pages. The accuracy and F1 value are improved by 2.7% and 0.026.

show abstract

“…The model detects malicious domain names by extracting sequence features of different length character combinations in the domain name string. At the same time, the attention mechanism is introduced to assign a small weight to the output features at the position of the filled characters, reduce the interference of the filled characters on feature extraction, and enhance the ability to extract features of long-distance sequences [22]. Extracting the combined features of domain name string based on CNN and using LSTM to fully mine the character context information in domain name string can achieve a higher detection accuracy than simply using LSTM, GRU or CNN.…”

Section: Literature Reviewmentioning

confidence: 99%

User Station Security Protection Method Based on Random Domain Name Detection and Active Defense

Yin¹,

Ren²,

Liu³

et al. 2023

JIS

View full text Add to dashboard Cite

The power monitoring system is the most important production management system in the power industry. As an important part of the power monitoring system, the user station that lacks grid binding will become an important target of network attacks. In order to perceive the network attack events on the user station side in time, a method combining real-time detection and active defense of random domain names on the user station side was proposed. Capsule network (CapsNet) combined with long short-term memory network (LSTM) was used to classify the domain names extracted from the traffic data. When a random domain name is detected, it sent instructions to routers and switched to update their security policies through the remote terminal protocol (Telnet), or shut down the service interfaces of routers and switched to block network attacks. The experimental results showed that the use of CapsNet combined with LSTM classification algorithm can achieve 99.16% accuracy and 98% recall rate in random domain name detection. Through the Telnet protocol, routers and switches can be linked to make active defense without interrupting services.

show abstract

Malicious domain name detection model based on CNN-LSTM

Cited by 5 publications

References 5 publications

Malicious domain detection based on semi‐supervised learning and parameter optimization

Malicious domain detection based on semi‐supervised learning and parameter optimization

An Abnormal External Link Detection Algorithm Based on Multi-Modal Fusion

User Station Security Protection Method Based on Random Domain Name Detection and Active Defense

Contact Info

Product

Resources

About