Robust Malicious Domain Detection

Nitay Hason, Amit Dvir, Chen Hajaj

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

7 Scopus citations

Abstract

Malicious domains are increasingly common and pose a severe cybersecurity threat. Specifically, many types of current cyber attacks use URLs for attack communications (e.g., C&C, phishing, and spear-phishing). Despite the continuous progress in detecting these attacks, many alarming problems remain open, such as the weak spots of the defense mechanisms. Because ML has become one of the most prominent methods of malware detection, we propose a robust feature selection mechanism that results in malicious domain detection models that are resistant to black-box evasion attacks. This paper makes two main contributions. Our mechanism exhibits high performance based on data collected from ~5000 benign active URLs and ~1350 malicious active (attacks) URLs. We also provide an analysis of robust feature selection based on widely used features in the literature. Note that even though we cut the feature set dimensional space in half (from nine to four features), we still improve the performance of the classifier (an increase in the model’s F1-score from 92.92% to 95.81%). The fact that our models are robust to malicious perturbations but are also useful for clean data demonstrates the effectiveness of constructing a model that is solely trained on robust features.

Original languageEnglish
Title of host publicationCyber Security Cryptography and Machine Learning - 4th International Symposium, CSCML 2020, Proceedings
EditorsShlomi Dolev, Gera Weiss, Vladimir Kolesnikov, Sachin Lodha
PublisherSpringer
Pages45-61
Number of pages17
ISBN (Print)9783030497842
DOIs
StatePublished - 1 Jan 2020
Externally publishedYes
Event4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020 - Beersheba, Israel
Duration: 2 Jul 20203 Jul 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12161 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020
Country/TerritoryIsrael
CityBeersheba
Period2/07/203/07/20

Keywords

  • Domain
  • Malware detection
  • Robust features

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Robust Malicious Domain Detection'. Together they form a unique fingerprint.

Cite this