Skip to main content
Springer Nature Link
Log in

Malicious Domain Detection on Imbalanced Data with Deep Reinforcement Learning

  • Conference paper
  • First Online:
Neural Information Processing (ICONIP 2021)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 13111))

Included in the following conference series:

Abstract

Domain name system (DNS) is the key infrastructure of the Internet, yet has been deliberately abused by cyber attackers. Previous works detect malicious domain mainly based on the statistical features or the association features, which ignore the serialization impact and pay little attention to the imbalanced data problem. To address these problems, we propose a deep reinforcement learning based malicious domain detection model. We consider the malicious domain detection as a sequential decision process and employ Double Deep Q Network (DDQN) to address it. Furthermore, we devise a specific reward function to adapt to the imbalanced classification task. The specific reward function will guide the agent to learn the optimal classification policy. Extensive experiments are carried out on the real-world dataset, and experimental results demonstrate the effectiveness of our proposed method in detecting malicious domain in imbalanced DNS traffic.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a dynamic reputation system for dns. In: USENIX Security Symposium, pp. 273–290 (2010)

    Google Scholar 

  2. Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: Exposure: finding malicious domains using passive dns analysis. In: Ndss, pp. 1–17 (2011)

    Google Scholar 

  3. Antonakakis, M., Perdisci, R., Lee, W., Vasiloglou, N., Dagon, D.: Detecting malware domains at the upper dns hierarchy. In: USENIX Security Symposium, vol. 11, pp. 1–16 (2011)

    Google Scholar 

  4. Schüppen, S., Teubert, D., Herrmann, P., Meyer, U.: Feature-based automated nxdomain classification and intelligence (2018)

    Google Scholar 

  5. Manadhata, P.K., Yadav, S., Rao, P., Horne, W.: Detecting malicious domains via graph inference. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 1–18. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11203-9_1

    Chapter  Google Scholar 

  6. Khalil, I., Yu, T., Guan, B.: Discovering malicious domains through passive dns data graph analysis. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 663–674 (2016)

    Google Scholar 

  7. Sun, X., Tong, M., Yang, J., Xinran, L., Heng, L.: Hindom: A robust malicious domain detection system based on heterogeneous information network with transductive classification. In: RAID, pp. 399–412 (2019)

    Google Scholar 

  8. Wang, S., Liu, W., Wu, J., Cao, L., Meng, Q., Kennedy, P.J.: Training deep neural networks on imbalanced data sets. In: 2016 International Joint Conference on Neural Networks (IJCNN), pp. 4368–4374. IEEE (2016)

    Google Scholar 

  9. Khan, S.H., Hayat, M., Bennamoun, M., Sohel, F.A., Togneri, R.: Cost-sensitive learning of deep feature representations from imbalanced data. IEEE Trans. Neural Netw. Learn. Syst. 29(8), 3573–3587 (2017)

    Google Scholar 

  10. Alexa top 1 million. https://aws.amazon.com/cn/alexa-top-sites/

  11. Malware domain block list. http://www.malwaredomains.com

  12. Phishtank. http://www.phishtank.com

  13. Scikit-learn. https://scikit-learn.org/

  14. Johnson, J.M., Khoshgoftaar, T.M.: Survey on deep learning with class imbalance. J. Big Data 6(1), 1–54 (2019). https://doi.org/10.1186/s40537-019-0192-5

    Article  Google Scholar 

  15. Liu, Z., Zeng, Y., Zhang, P., Xue, J., Zhang, J., Liu, J.: An imbalanced malicious domains detection method based on passive dns traffic analysis. Security and Communication Networks (2018)

    Google Scholar 

Download references

Acknowledgement

This work was partly supported by the National Key Research and Development Program Grant No. 2017YFC0820700, Strategic Priority Research Program of the Chinese Academy of Sciences under Grant No.XDC02030000.

Author information

Authors and Affiliations

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Fangfang Yuan, Teng Tian, Yanmin Shang, Yuhai Lu, Yanbing Liu & Jianlong Tan

  2. University of Chinese Academy of Sciences, Beijing, China

    Teng Tian & Yanbing Liu

Authors
  1. Fangfang Yuan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Teng Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yanmin Shang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yuhai Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yanbing Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Jianlong Tan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yanbing Liu .

Editor information

Editors and Affiliations

  1. Sampoerna University, Jakarta, Indonesia

    Teddy Mantoro

  2. Kyungpook National University, Daegu, Korea (Republic of)

    Minho Lee

  3. Sampoerna University, Jakarta, Indonesia

    Media Anugerah Ayu

  4. Murdoch University, Murdoch, WA, Australia

    Kok Wai Wong

  5. Universitas Indonesia, Depok, Indonesia

    Achmad Nizar Hidayanto

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Yuan, F., Tian, T., Shang, Y., Lu, Y., Liu, Y., Tan, J. (2021). Malicious Domain Detection on Imbalanced Data with Deep Reinforcement Learning. In: Mantoro, T., Lee, M., Ayu, M.A., Wong, K.W., Hidayanto, A.N. (eds) Neural Information Processing. ICONIP 2021. Lecture Notes in Computer Science(), vol 13111. Springer, Cham. https://doi.org/10.1007/978-3-030-92273-3_38

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-92273-3_38

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92272-6

  • Online ISBN: 978-3-030-92273-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics