STMDF: An Effective Approach for Malicious Domain Detection through Dynamic Spatial-Temporal Analysis

Authors:
Hongwu Li (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences)
JianQiang Li (National Computer Network Emergency Response Technical Team Coordination Center)
Xingyu Fu (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences)
DongZheng Jia (National Computer Network Emergency Response Technical Team Coordination Center)
Yujia Zhu (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences)
Hang Wang (Institute of Information Engineering, Chinese Academy of Sciences)
Qingyun Liu (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences)
Conference: ICIC 2024 Posters, Tianjin, China, August 5-8, 2024
Pages: 839-850
Keywords: Spatial-temporal Snapshot Graph Learning, Attention Mechanism, Malicious Domain Identification.

Abstract

The Internet is widely used for network attacks, such as phishing, fraud, gambling, the spread of malware, and botnets. Domains play a crucial role in attackers' network communication because of their low cost and flexibility. Attackers frequently change or transfer malicious domains to evade detection, making it challenging to capture complete associations between domains and related resources. The inherent relationships among domains, however, are difficult to forge; for instance, stable connections exist between domain operators from the same organization or between domains providing similar services. Recent research has employed graph learning techniques, including bipartite graphs, homogeneous graphs, and heterogeneous graphs, to integrate domain attributes and association information and uncover implicit relationships between domains. However, approaches based on bipartite or homogeneous graphs capture only limited association information, while methods based on heterogeneous graphs require expert knowledge to design meta-paths and overlook the heterophilic interactions of the domain association graph, where two associated domains may not belong to the same label type. Furthermore, domains and related resources are dynamic, with attributes and associations changing over time, and previous methods have failed to consider these spatiotemporal characteristics. In summary, malicious domain identification techniques require reduced reliance on expert knowledge, consideration of the heterogeneity in graph networks, and attention to the spatial and temporal dynamics of domains and associated resources. In this paper, we propose a novel STMDF model for detecting malicious domains, which utilizes RNN and attention modules to learn temporal information, addressing these complex challenges in malicious domain identification. To validate the effectiveness of our approach, we conduct comprehensive comparisons with various existing detection models, demonstrating the superiority of our method.
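The two observations the abstract builds on, heterophilic edges in the domain association graph and associations that change between time windows, can be made concrete on a small snapshot graph. The following is an added illustration, not code from the paper or the STMDF model; the resolution records, IPs and labels are constructed, and "association" is taken to mean two domains sharing a resolved IP within the same time window.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data (not from the paper): (time_window, domain, resolved_ip).
RECORDS = [
    (0, "shop-a.example", "10.0.0.1"),
    (0, "news-b.example", "10.0.0.1"),
    (0, "pay-c.example", "10.0.0.2"),
    (0, "evil-d.example", "10.0.0.2"),
    (1, "shop-a.example", "10.0.0.3"),
    (1, "evil-d.example", "10.0.0.3"),
    (1, "evil-e.example", "10.0.0.3"),
    (1, "news-b.example", "10.0.0.1"),
]
# Constructed ground-truth labels: 0 = benign, 1 = malicious.
LABELS = {"shop-a.example": 0, "news-b.example": 0, "pay-c.example": 0,
          "evil-d.example": 1, "evil-e.example": 1}

def snapshot_edges(records, window):
    """Domain-domain edges of one temporal snapshot: domains sharing an IP in that window."""
    by_ip = defaultdict(set)
    for t, domain, ip in records:
        if t == window:
            by_ip[ip].add(domain)
    edges = set()
    for domains in by_ip.values():
        for a, b in combinations(sorted(domains), 2):
            edges.add((a, b))
    return edges

def edge_homophily(edges, labels):
    """Fraction of edges whose endpoints share a label (1.0 = homophilous; lower = heterophilic)."""
    if not edges:
        return None
    same = sum(1 for a, b in edges if labels[a] == labels[b])
    return same / len(edges)

def neighbor_label_mean(edges, labels, node):
    """What a homophily-assuming neighbour-averaging step would infer for `node`."""
    neighbors = [b if a == node else a for a, b in edges if node in (a, b)]
    return sum(labels[n] for n in neighbors) / len(neighbors) if neighbors else None

def changed_edges(records, earlier, later):
    """Edges that appeared and disappeared between two snapshots (the temporal dynamics)."""
    e0, e1 = snapshot_edges(records, earlier), snapshot_edges(records, later)
    return e1 - e0, e0 - e1
```

In window 1 the benign shop-a.example is linked only to malicious domains, so a neighbour-averaging model would score it 1.0, which is exactly the heterophily problem the abstract raises; the edge set also turns over completely between the two windows.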