Robust Malicious Domain Detection

Nitay Hason, Amit Dvir, Chen Hajaj

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Citations (Scopus)

Abstract

Malicious domains are increasingly common and pose a severe cybersecurity threat. Specifically, many types of current cyber attacks use URLs for attack communications (e.g., C&C, phishing, and spear-phishing). Despite the continuous progress in detecting these attacks, many alarming problems remain open, such as the weak spots of the defense mechanisms. Because ML has become one of the most prominent methods of malware detection, we propose a robust feature selection mechanism that results in malicious domain detection models that are resistant to black-box evasion attacks. This paper makes two main contributions. Our mechanism exhibits high performance based on data collected from ~5000 benign active URLs and ~1350 malicious active (attacks) URLs. We also provide an analysis of robust feature selection based on widely used features in the literature. Note that even though we cut the feature set dimensional space in half (from nine to four features), we still improve the performance of the classifier (an increase in the model’s F1-score from 92.92% to 95.81%). The fact that our models are robust to malicious perturbations but are also useful for clean data demonstrates the effectiveness of constructing a model that is solely trained on robust features.

Original language: English
Title of host publication: Cyber Security Cryptography and Machine Learning - 4th International Symposium, CSCML 2020, Proceedings
Editors: Shlomi Dolev, Gera Weiss, Vladimir Kolesnikov, Sachin Lodha
Pages: 45-61
Number of pages: 17
DOIs
Publication status: Published - 2020
Event: 4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020 - Beersheba, Israel
Duration: 2 Jul 2020 to 3 Jul 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12161 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020
Country/Territory: Israel
City: Beersheba
Period: 2/07/20 to 3/07/20
