Cargando…
Malicious Domain Detection Based on K-means and SMOTE
The Domain Name System (DNS) as the foundation of Internet, has been widely used by cybercriminals. A lot of malicious domain detection methods have received significant success in the past decades. However, existing detection methods usually use classification-based and association-based representa...
| Autores principales: | , , , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
2020
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7302825/ http://dx.doi.org/10.1007/978-3-030-50417-5_35 |
| _version_ | 1783547929701646336 |
|---|---|
| author | Wang, Qing Li, Linyu Jiang, Bo Lu, Zhigang Liu, Junrong Jian, Shijie |
| author_facet | Wang, Qing Li, Linyu Jiang, Bo Lu, Zhigang Liu, Junrong Jian, Shijie |
| author_sort | Wang, Qing |
| collection | PubMed |
| description | The Domain Name System (DNS) as the foundation of Internet, has been widely used by cybercriminals. A lot of malicious domain detection methods have received significant success in the past decades. However, existing detection methods usually use classification-based and association-based representations, which are not capable of dealing with the imbalanced problem between malicious and benign domains. To solve the problem, we propose a novel domain detection system named KSDom. KSDom designs a data collector to collect a large number of DNS traffic data and rich external DNS-related data, then employs K-means and SMOTE method to handle the imbalanced data. Finally, KSDom uses Categorical Boosting (CatBoost) algorithm to identify malicious domains. Comprehensive experimental results clearly show the effectiveness of our KSDom system and prove its good robustness in imbalanced datasets with different ratios. KSDom still has high accuracy even in extremely imbalanced DNS traffic. |
| format | Online Article Text |
| id | pubmed-7302825 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2020 |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-73028252020-06-19 Malicious Domain Detection Based on K-means and SMOTE Wang, Qing Li, Linyu Jiang, Bo Lu, Zhigang Liu, Junrong Jian, Shijie Computational Science – ICCS 2020 Article The Domain Name System (DNS) as the foundation of Internet, has been widely used by cybercriminals. A lot of malicious domain detection methods have received significant success in the past decades. However, existing detection methods usually use classification-based and association-based representations, which are not capable of dealing with the imbalanced problem between malicious and benign domains. To solve the problem, we propose a novel domain detection system named KSDom. KSDom designs a data collector to collect a large number of DNS traffic data and rich external DNS-related data, then employs K-means and SMOTE method to handle the imbalanced data. Finally, KSDom uses Categorical Boosting (CatBoost) algorithm to identify malicious domains. Comprehensive experimental results clearly show the effectiveness of our KSDom system and prove its good robustness in imbalanced datasets with different ratios. KSDom still has high accuracy even in extremely imbalanced DNS traffic. 2020-06-15 /pmc/articles/PMC7302825/ http://dx.doi.org/10.1007/978-3-030-50417-5_35 Text en © Springer Nature Switzerland AG 2020 This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic. |
| spellingShingle | Article Wang, Qing Li, Linyu Jiang, Bo Lu, Zhigang Liu, Junrong Jian, Shijie Malicious Domain Detection Based on K-means and SMOTE |
| title | Malicious Domain Detection Based on K-means and SMOTE |
| title_full | Malicious Domain Detection Based on K-means and SMOTE |
| title_fullStr | Malicious Domain Detection Based on K-means and SMOTE |
| title_full_unstemmed | Malicious Domain Detection Based on K-means and SMOTE |
| title_short | Malicious Domain Detection Based on K-means and SMOTE |
| title_sort | malicious domain detection based on k-means and smote |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7302825/ http://dx.doi.org/10.1007/978-3-030-50417-5_35 |
| work_keys_str_mv | AT wangqing maliciousdomaindetectionbasedonkmeansandsmote AT lilinyu maliciousdomaindetectionbasedonkmeansandsmote AT jiangbo maliciousdomaindetectionbasedonkmeansandsmote AT luzhigang maliciousdomaindetectionbasedonkmeansandsmote AT liujunrong maliciousdomaindetectionbasedonkmeansandsmote AT jianshijie maliciousdomaindetectionbasedonkmeansandsmote |