Unsupervised malicious domain detection with less labeling effort
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Park, Kyung Ho | - |
dc.contributor.author | Song, Hyun Min | - |
dc.contributor.author | Yoo, Jeong Do | - |
dc.contributor.author | Hong, Su-Youn | - |
dc.contributor.author | Cho, Byoungmo | - |
dc.contributor.author | Kim, Kwangsoo | - |
dc.contributor.author | Kim, Huy Kang | - |
dc.date.accessioned | 2022-04-12T01:42:52Z | - |
dc.date.available | 2022-04-12T01:42:52Z | - |
dc.date.created | 2022-04-12 | - |
dc.date.issued | 2022-05 | - |
dc.identifier.issn | 0167-4048 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/140070 | - |
dc.description.abstract | Since malware creates severe damage to the system, past studies leveraged various algorithms to detect malicious domains generated from Domain Generation Algorithms (DGAs). Although they achieved a promising performance, security practitioners had to acquire a large amount of fine-labeled dataset with a particular effort. Throughout the research, we propose a series of analysis to build a novel malicious domain detection method with the autoencoder in an unsupervised approach to overcome this limit. The contributions of our study are as follows. First, we proposed significant feature extraction methods that focused on the domain's linguistic patterns and validated the proposed set of features effectively discriminate benign domains and malicious domains. Second, we established a malicious domain detection method with the autoencoder only with benign domains provided during the model training. Thus, we let a security practitioner build a malicious domain detection model with less labeling effort. Third, the proposed malicious domain detection model achieved a precise detection performance of 99% accuracy and F1 score. Lastly, our model maintains the aforementioned detection performance, although it is trained with a small training set; thus, the model reduces training dataset accumulation effort. Although our detection model cannot identify malicious domains' origins, particular types of DGA, we evaluate security practitioners can easily implement a countermeasure against DGAs with less effort. In pursuit of precise malicious domain detection, we expect our study can be a concrete baseline for future works.(c) 2022 Elsevier Ltd. All rights reserved. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | ELSEVIER ADVANCED TECHNOLOGY | - |
dc.subject | DNS | - |
dc.title | Unsupervised malicious domain detection with less labeling effort | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Kim, Huy Kang | - |
dc.identifier.doi | 10.1016/j.cose.2022.102662 | - |
dc.identifier.scopusid | 2-s2.0-85125267925 | - |
dc.identifier.wosid | 000772604800004 | - |
dc.identifier.bibliographicCitation | COMPUTERS & SECURITY, v.116 | - |
dc.relation.isPartOf | COMPUTERS & SECURITY | - |
dc.citation.title | COMPUTERS & SECURITY | - |
dc.citation.volume | 116 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.subject.keywordPlus | DNS | - |
dc.subject.keywordAuthor | DGA detection | - |
dc.subject.keywordAuthor | Malicious domain detection | - |
dc.subject.keywordAuthor | Deep learning | - |
dc.subject.keywordAuthor | Unsupervised learning | - |
dc.subject.keywordAuthor | Autoencoder | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
145 Anam-ro, Seongbuk-gu, Seoul, 02841, Korea+82-2-3290-2963
COPYRIGHT © 2021 Korea University. All Rights Reserved.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.