A Unified Learning Approach for Malicious Domain Name Detection

Atif Ali Wagan; Qianmu Li; Zubair Zaland; Shah Marjan; Dadan Khan Bozdar; Aamir Hussain; Aamir Mehmood Mirza; Mehmood Baryalai

doi:10.3390/axioms12050458

Axioms (May 2023)

A Unified Learning Approach for Malicious Domain Name Detection

Atif Ali Wagan,
Qianmu Li,
Zubair Zaland,
Shah Marjan,
Dadan Khan Bozdar,
Aamir Hussain,
Aamir Mehmood Mirza,
Mehmood Baryalai

Affiliations

Atif Ali Wagan: School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China
Qianmu Li: School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China
Zubair Zaland: Department of Software Engineering, Balochistan University of Information Technology Engineering and Management Sciences, Quetta 87300, Pakistan
Shah Marjan: Department of Software Engineering, Balochistan University of Information Technology Engineering and Management Sciences, Quetta 87300, Pakistan
Dadan Khan Bozdar: Department of Computer Science, Balochistan University of Information Technology Engineering and Management Sciences, Quetta 87300, Pakistan
Aamir Hussain: Department of Computer Science, Muhammad Nawaz Shareef University of Agriculture Multan, Multan 60000, Pakistan
Aamir Mehmood Mirza: Department of Computer Science, Balochistan University of Information Technology Engineering and Management Sciences, Quetta 87300, Pakistan
Mehmood Baryalai: Department of Computer Science, Balochistan University of Information Technology Engineering and Management Sciences, Quetta 87300, Pakistan

DOI: https://doi.org/10.3390/axioms12050458
Journal volume & issue: Vol. 12, no. 5
p. 458

Abstract

Read online

The DNS firewall plays an important role in network security. It is based on a list of known malicious domain names, and, based on these lists, the firewall blocks communication with these domain names. However, DNS firewalls can only block known malicious domain names, excluding communication with unknown malicious domain names. Prior research has found that machine learning techniques are effective for detecting unknown malicious domain names. However, those methods have limited capabilities to learn from both textual and numerical data. To solve this issue, we present a novel unified learning approach that uses both numerical and textual features of the domain name to classify whether a domain name pair is malicious or not. The experiments were conducted on a benchmark domain names dataset consisting of 90,000 domain names. The experimental results show that the proposed approach performs significantly better than the six comparative methods in terms of accuracy, precision, recall, and F1-Score.

Published in Axioms

ISSN: 2075-1680 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Science: Mathematics
Website: http://www.mdpi.com/journal/axioms

About the journal

Abstract

Keywords