Axioms (May 2023)

A Unified Learning Approach for Malicious Domain Name Detection

  • Atif Ali Wagan,
  • Qianmu Li,
  • Zubair Zaland,
  • Shah Marjan,
  • Dadan Khan Bozdar,
  • Aamir Hussain,
  • Aamir Mehmood Mirza,
  • Mehmood Baryalai

DOI
https://doi.org/10.3390/axioms12050458
Journal volume & issue
Vol. 12, no. 5
p. 458

Abstract

The DNS firewall plays an important role in network security. It relies on lists of known malicious domain names and blocks communication with the domain names on those lists. However, DNS firewalls can only block known malicious domain names; communication with unknown malicious domain names is not blocked. Prior research has found that machine learning techniques are effective for detecting unknown malicious domain names. However, those methods have limited capabilities to learn from both textual and numerical data. To solve this issue, we present a novel unified learning approach that uses both numerical and textual features of the domain name to classify whether a domain name pair is malicious or not. The experiments were conducted on a benchmark domain names dataset consisting of 90,000 domain names. The experimental results show that the proposed approach performs significantly better than the six comparative methods in terms of accuracy, precision, recall, and F1-Score.

Keywords