Robust Malicious Domain Detection

Nitay Hason, Amit Dvir, Chen Hajaj

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Peer-reviewed

7 citations (Scopus)

Abstract

Malicious domains are increasingly common and pose a severe cybersecurity threat. Specifically, many types of current cyber attacks use URLs for attack communications (e.g., C&C, phishing, and spear-phishing). Despite the continuous progress in detecting these attacks, many alarming problems remain open, such as the weak spots of the defense mechanisms. Because ML has become one of the most prominent methods of malware detection, we propose a robust feature selection mechanism that results in malicious domain detection models that are resistant to black-box evasion attacks. This paper makes two main contributions. Our mechanism exhibits high performance based on data collected from ~5000 benign active URLs and ~1350 malicious active (attacks) URLs. We also provide an analysis of robust feature selection based on widely used features in the literature. Note that even though we cut the feature set dimensional space in half (from nine to four features), we still improve the performance of the classifier (an increase in the model’s F1-score from 92.92% to 95.81%). The fact that our models are robust to malicious perturbations but are also useful for clean data demonstrates the effectiveness of constructing a model that is solely trained on robust features.

Original language: English
Title of host publication: Cyber Security Cryptography and Machine Learning - 4th International Symposium, CSCML 2020, Proceedings
Editors: Shlomi Dolev, Gera Weiss, Vladimir Kolesnikov, Sachin Lodha
Pages: 45-61
Number of pages: 17
Digital Object Identifiers (DOIs)
Publication status: Published - 2020
Event: 4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020 - Beersheba, Israel
Duration: 2 July 2020 to 3 July 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12161 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020
Country/Territory: Israel
City: Beersheba
Period: 2/07/20 to 3/07/20
