SpringerLink
Log in

Semi-supervised Malicious Domain Detection Based on Meta Pseudo Labeling

  • Conference paper
  • First Online:
Computational Science – ICCS 2024 (ICCS 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14833))

Included in the following conference series:

  • 94 Accesses

Abstract

The Domain Name System (DNS) is a crucial infrastructure of the Internet, yet it is also a primary medium for disseminating illicit content. Researchers have proposed numerous methods to detect malicious domains, with association-based approaches achieving relatively good performance. However, these methods encounter limitations in detecting malicious domains within isolated nodes and heavily relying on labeled data to improve performance. In this paper, we propose a semi-supervised malicious domain detection model named SemiDom, which is based on meta pseudo labeling. Firstly, we use associations among DNS entities to construct a semantically enriched domain association graph. In particular, we retain isolated nodes within the dataset that lack relationships with other entities. Secondly, a teacher network computes pseudo labels on the unlabeled nodes, which effectively augments the scarce labeled data. A student network utilizes these pseudo labels to transform both the structure and attribute features to domain labels. Finally, the teacher network is constantly optimized based on the student’s performance feedback on the labeled nodes, enabling the generation of more precise pseudo labels. Extensive experiments on the real-world DNS dataset demonstrate that our proposed method outperforms the state-of-the-art methods.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
EUR 29.95
Price includes VAT (Germany)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 128.39
Price includes VAT (Germany)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 70.61
Price includes VAT (Germany)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. alexa-top-sites (2022). https://aws.amazon.com/cn/alexa-top-sites/

  2. Anudeepnd (2022). https://github.com/anudeepND/blacklist

  3. Coinblockerlists (2022). https://gitlab.com/ZeroDot1/CoinBlockerLists

  4. Malware domain block list (2022). http://www.malwaredomains.com/

  5. Phishtank (2022). http://www.phishtank.com/

  6. Anderson, H.S., Woodbridge, J., Filar, B.: Deepdga: adversarially-tuned domain generation and detection. In: Freeman, D.M., Mitrokotsa, A., Sinha, A. (eds.) Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security, pp. 13–21. ACM (2016)

    Google Scholar 

  7. Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a dynamic reputation system for DNS. In: 19th USENIX Security Symposium (USENIX Security 2010) (2010)

    Google Scholar 

  8. Bilge, L., Sen, S., Balzarotti, D., Kirda, E., Kruegel, C.: Exposure: a passive DNS analysis service to detect and report malicious domains. ACM Trans. Inf. Syst. Secur. (TISSEC) 16(4), 1–28 (2014)

    Article  Google Scholar 

  9. Chin, T., **ong, K., Hu, C., Li, Y.: A machine learning framework for studying domain generation algorithm (DGA)-based malware. In: International Conference on Security and Privacy in Communication Systems (2018)

    Google Scholar 

  10. Ding, K., Wang, J., Caverlee, J., Liu, H.: Meta propagation networks for graph few-shot semi-supervised learning (2021)

    Google Scholar 

  11. Grill, M., Nikolaev, I., Valeros, V., Rehak, M.: Detecting DGA malware using netflow. In: 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 1304–1309. IEEE (2015)

    Google Scholar 

  12. He, W., Gou, G., Kang, C., Liu, C., **ong, G.: Malicious domain detection via domain relationship and graph models. IEEE (2019)

    Google Scholar 

  13. Khalil, I., Yu, T., Guan, B.: Discovering malicious domains through passive DNS data graph analysis. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 663–674 (2016)

    Google Scholar 

  14. Kipf, T.N., Welling, M.: Semi-supervised classification with graph convolutional networks. ar**v preprint ar**v:1609.02907 (2016)

  15. Peng, C., Yun, X., Zhang, Y., Li, S.: Malshoot: shooting malicious domains through graph embedding on passive DNS data. In: Collaborative Computing (2018)

    Google Scholar 

  16. Peng, T., Chiu, T., Pang, A., Tail, W.: Synfmpl: a federated meta pseudo labeling framework with synergetic strategy. In: IEEE International Conference on Communications, ICC 2023, Rome, Italy, 28 May–1 June 2023 (2023)

    Google Scholar 

  17. Pham, H., Dai, Z., **e, Q., Le, Q.V.: Meta pseudo labels. In: IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2021, virtual, 19–25 June 2021 (2021)

    Google Scholar 

  18. Sato, K., Ishibashi, K., Toyono, T., Hasegawa, H., Yoshino, H.: Extending black domain name list by using co-occurrence relation between DNS queries. IEICE Trans. Commun. 95(3), 794–802 (2012)

    Article  Google Scholar 

  19. Schüppen, S., Teubert, D., Herrmann, P., Meyer, U.: \(\{\)FANCI\(\}\): feature-based automated \(\{\)NXDomain\(\}\) classification and intelligence. In: 27th USENIX Security Symposium (USENIX Security 2018), pp. 1165–1181 (2018)

    Google Scholar 

  20. Shi, Y., Chen, G., Li, J.: Malicious domain name detection based on extreme machine learning. Neural Process. Lett. 48(3), 1347–1357 (2018)

    Article  Google Scholar 

  21. Sun, X., Tong, M., Yang, J., **nran, L., Heng, L.: \(\{\)HinDom\(\}\): a robust malicious domain detection system based on heterogeneous information network with transductive classification. In: 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), pp. 399–412 (2019)

    Google Scholar 

  22. Sun, X., Wang, Z., Yang, J., Liu, X.: Deepdom: malicious domain detection with scalable and heterogeneous graph convolutional networks. Comput. Secur. 99, 102057 (2020)

    Article  Google Scholar 

  23. Wang, Q., et al.: Handom: heterogeneous attention network model for malicious domain detection. Comput. Secur. 125, 103059 (2023)

    Article  Google Scholar 

  24. Zhang, S., et al.: Attributed heterogeneous graph neural network for malicious domain detection. In: 2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD), pp. 397–403. IEEE (2021)

    Google Scholar 

  25. Zhao, S., Yu, Z., Wang, X., Marbach, T.G., Wang, G., Liu, X.: Meta pseudo labels for anomaly detection via partially observed anomalies. In: Database Systems for Advanced Applications - 28th International Conference, DASFAA 2023, Tian**, China, 17–20 April 2023, Proceedings, Part IV (2023)

    Google Scholar 

  26. Zhou, Q., Li, K., Duan, L.: Recommendation attack detection based on improved meta pseudo labels. Knowl. Based Syst. 279, 110931 (2023)

    Article  Google Scholar 

  27. Zhu, X.: Learning from labeled and unlabeled data with label propagation. Tech Report (2002)

    Google Scholar 

Download references

Acknowledgment

This work is supported by **njiang Uygur Autonomous Region key research and development program (No. 2022B03010).

Author information

Authors and Affiliations

  1. Institute of Information Engineering, Chinese Academy of Sciences, Bei**g, China

    Yi Gao, Fangfang Yuan, Dakui Wang, Cong Cao & Yanbing Liu

  2. School of Cyber Security, University of Chinese Academy of Sciences, Bei**g, China

    Yi Gao

  3. National Computer network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), Bei**g, China

    **glin Yang

Authors
  1. Yi Gao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fangfang Yuan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. **glin Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dakui Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Cong Cao
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Yanbing Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Fangfang Yuan or Yanbing Liu .

Editor information

Editors and Affiliations

  1. University of Malaga, Malaga, Spain

    Leonardo Franco

  2. University of Amsterdam, Amsterdam, The Netherlands

    Clélia de Mulatier

  3. AGH University of Science and Technology, Krakow, Poland

    Maciej Paszynski

  4. University of Amsterdam, Amsterdam, The Netherlands

    Valeria V. Krzhizhanovskaya

  5. University of Tennessee, Knoxville, TN, USA

    Jack J. Dongarra

  6. University of Amsterdam, Amsterdam, The Netherlands

    Peter M. A. Sloot

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gao, Y., Yuan, F., Yang, J., Wang, D., Cao, C., Liu, Y. (2024). Semi-supervised Malicious Domain Detection Based on Meta Pseudo Labeling. In: Franco, L., de Mulatier, C., Paszynski, M., Krzhizhanovskaya, V.V., Dongarra, J.J., Sloot, P.M.A. (eds) Computational Science – ICCS 2024. ICCS 2024. Lecture Notes in Computer Science, vol 14833. Springer, Cham. https://doi.org/10.1007/978-3-031-63751-3_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-63751-3_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-63753-7

  • Online ISBN: 978-3-031-63751-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation