Using AI to detect and classify malicious domain names

https://doi.org/10.53730/ijhs.v6nS1.7198

Authors

  • S. Priya, Department of Computer Science and Engineering, SRM Institute of Science and Technology, Ramapuram, Chennai, 600089, India
  • V. Dheeraj Reddy, Department of Computer Science and Engineering, SRM Institute of Science and Technology, Ramapuram, Chennai, 600089, India
  • Varshini Balaji, Department of Computer Science and Engineering, SRM Institute of Science and Technology, Ramapuram, Chennai, 600089, India

Keywords:

Domain Name System (DNS), Internet, Spark framework

Abstract

On the Internet and other IP networks, the Domain Name System (DNS) is used to identify machines. Resource records in the DNS link domain names to various sorts of data. Most commonly, DNS is used to translate domain names into IP addresses so that computers can locate services and devices using the underlying network protocols. Because DNS lacks security safeguards, cybercriminals use it to launch attacks. How can such attacks be located and blocked quickly? Finding rogue websites and their IP addresses has become a prominent research topic, and preventing unknown cyber-attacks is critical. This article proposes analysing enormous amounts of mobile web traffic to find dangerous domains. For classification, we used text features and domain traffic statistics, and we compared the effects of three typical classifiers. The Spark framework is used to process the huge amounts of DNS traffic. We are convinced of our system's efficiency, and it can be very useful in network security. The new features are tough to use and assist in identifying rogue domains. We tested MalPortrait on passive DNS traffic from real-world large ISP networks.

Published

11-05-2022

How to Cite

Priya, S., Reddy, V. D., & Balaji, V. (2022). Using AI to detect and classify malicious domain names. International Journal of Health Sciences, 6(S1), 9538–9547. https://doi.org/10.53730/ijhs.v6nS1.7198

Section

Peer Review Articles