Saved in:
Bibliographic Details
Main Authors: Chiba, Daiki, Nakano, Hiroki, Koide, Takashi
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2410.02096
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909503271731200
author Chiba, Daiki
Nakano, Hiroki
Koide, Takashi
author_facet Chiba, Daiki
Nakano, Hiroki
Koide, Takashi
contents The persistent threat posed by malicious domain names in cyber-attacks underscores the urgent need for effective detection mechanisms. Traditional machine learning methods, while capable of identifying such domains, often suffer from high false positive and false negative rates due to their extensive reliance on historical data. Conventional approaches often overlook the dynamic nature of domain names, the purposes and ownership of which may evolve, potentially rendering risk assessments outdated or irrelevant. To address these shortcomings, we introduce DomainDynamics, a novel system designed to predict domain name risks by considering their lifecycle stages. DomainDynamics constructs a timeline for each domain, evaluating the characteristics of each domain at various points in time to make informed, temporal risk determinations. In an evaluation experiment involving over 85,000 actual malicious domains from malware and phishing incidents, DomainDynamics demonstrated a significant improvement in detection rates, achieving an 82.58\% detection rate with a low false positive rate of 0.41\%. This performance surpasses that of previous studies and commercial services, improving detection capability substantially.
format Preprint
id arxiv_https___arxiv_org_abs_2410_02096
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle DomainDynamics: Lifecycle-Aware Risk Timeline Construction for Domain Names
Chiba, Daiki
Nakano, Hiroki
Koide, Takashi
Cryptography and Security
The persistent threat posed by malicious domain names in cyber-attacks underscores the urgent need for effective detection mechanisms. Traditional machine learning methods, while capable of identifying such domains, often suffer from high false positive and false negative rates due to their extensive reliance on historical data. Conventional approaches often overlook the dynamic nature of domain names, the purposes and ownership of which may evolve, potentially rendering risk assessments outdated or irrelevant. To address these shortcomings, we introduce DomainDynamics, a novel system designed to predict domain name risks by considering their lifecycle stages. DomainDynamics constructs a timeline for each domain, evaluating the characteristics of each domain at various points in time to make informed, temporal risk determinations. In an evaluation experiment involving over 85,000 actual malicious domains from malware and phishing incidents, DomainDynamics demonstrated a significant improvement in detection rates, achieving an 82.58\% detection rate with a low false positive rate of 0.41\%. This performance surpasses that of previous studies and commercial services, improving detection capability substantially.
title DomainDynamics: Lifecycle-Aware Risk Timeline Construction for Domain Names
topic Cryptography and Security
url https://arxiv.org/abs/2410.02096