MADMAX: Browser-Based Malicious Domain Detection Through Extreme Learning Machine

Kazuki Iwahana; Tatsuya Takemura; Ju Chien Cheng; Nami Ashizawa; Naoki Umeda; Kodai Sato; Ryota Kawakami; Rei Shimizu; Yuichiro Chinen; Naoto Yanai

doi:10.1109/ACCESS.2021.3080456

IEEE Access (Jan 2021)

MADMAX: Browser-Based Malicious Domain Detection Through Extreme Learning Machine

Kazuki Iwahana,
Tatsuya Takemura,
Ju Chien Cheng,
Nami Ashizawa,
Naoki Umeda,
Kodai Sato,
Ryota Kawakami,
Rei Shimizu,
Yuichiro Chinen,
Naoto Yanai

Affiliations

Kazuki Iwahana: ORCiD; Graduate School of Information Science and Technology, Osaka University, Suita, Japan
Tatsuya Takemura: ORCiD; Graduate School of Information Science and Technology, Osaka University, Suita, Japan
Ju Chien Cheng: ORCiD; Graduate School of Information Science and Technology, Osaka University, Suita, Japan
Nami Ashizawa: ORCiD; Graduate School of Information Science and Technology, Osaka University, Suita, Japan
Naoki Umeda: ORCiD; Graduate School of Information Science and Technology, Osaka University, Suita, Japan
Kodai Sato: ORCiD; Graduate School of Information Science and Technology, Osaka University, Suita, Japan
Ryota Kawakami: Graduate School of Information Science and Technology, Osaka University, Suita, Japan
Rei Shimizu: Graduate School of Information Science and Technology, Osaka University, Suita, Japan
Yuichiro Chinen: Graduate School of Information Science and Technology, Osaka University, Suita, Japan
Naoto Yanai: ORCiD; Graduate School of Information Science and Technology, Osaka University, Suita, Japan

DOI: https://doi.org/10.1109/ACCESS.2021.3080456
Journal volume & issue: Vol. 9
pp. 78293 – 78314

Abstract

Read online

Fast and accurate malicious domain detection is an essential research theme to prevent cybercrime, and machine learning is an attractive approach for detecting unseen malicious domains in the past decade. In this paper, we present MADMAX (MAchine learning-baseD MAlicious domain eXhauster), a browser-based application leveraging extreme learning machine (ELM) for malicious domain detection. In contrast to the existing work of ELM-based domain detection, MADMAX newly introduces two methods, i.e., selection of optimized features to provide higher accuracy and throughput based on permutation importance and real-time training to retrain a model with an updated malicious dataset for continuous malicious domain detection. We demonstrate that MADMAX fairly outperforms the existing work with respect to accuracy and throughput by virtue of the selection of optimized features. Moreover, we also confirm a model with real-time training stably detects even unseen malicious domains, whereas accuracy of a model without the real-time training decreases due to the unseen domains. The source codes of MADMAX is publicly available via GitHub.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords