Abstract
AbstractAs one of the most important basic services of the Internet, the domain name system is abused by attackers for various malicious activities. Malicious domain detection is a key technology against attackers. Previous works mainly employ manually selected features to detect malicious domains which are easily evaded by attackers. In this paper, we propose a novel malicious domain detection system with heterogeneous graph propagation network, named HGPNDom, which can jointly consider the global relationship and higher-order features of domains. In HGPNDom, we first model the DNS scene as a heterogeneous information network (HIN) to capture rich information. Then, we propose a heterogeneous graph propagation network (HGPN) to classify domain nodes in the HIN, including semantic propagation mechanism and semantic fusion mechanism. The semantic propagation mechanism can spread information through more layers and learn higher-order domain features, while the semantic fusion mechanism can learn the importance of different meta-paths and fuse them for classification. Experimental results on the real DNS dataset show that HGPNDom outperforms other state-of-the-art methods.KeywordsMalicious domain detectionHeterogeneous graph neural networkHeterogeneous information network
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
