Abstract
The domain name system (DNS), one of the most important basic services of the Internet, is abused by attackers for a variety of malicious activities, which makes malicious domain detection a key defensive technology. Previous work mainly relies on manually selected features to detect malicious domains, and such features are easily evaded by attackers. In this paper, we propose HGPNDom, a novel malicious domain detection system built on a heterogeneous graph propagation network, which jointly considers the global relationships and the higher-order features of domains. In HGPNDom, we first model the DNS scene as a heterogeneous information network (HIN) to capture rich information. We then propose a heterogeneous graph propagation network (HGPN) to classify the domain nodes in the HIN; it consists of a semantic propagation mechanism and a semantic fusion mechanism. The semantic propagation mechanism spreads information through more layers and learns higher-order domain features, while the semantic fusion mechanism learns the importance of the different meta-paths and fuses them for classification. Experimental results on a real DNS dataset show that HGPNDom outperforms other state-of-the-art methods.
Acknowledgements
This work was partly supported by the Strategic Priority Research Program of the Chinese Academy of Sciences under Grant No. XDC02030000.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Hu, C., Yuan, F., Liu, Y., Cao, C., Zhang, C., Tan, J. (2022). Malicious Domain Detection with Heterogeneous Graph Propagation Network. In: Wang, L., Segal, M., Chen, J., Qiu, T. (eds) Wireless Algorithms, Systems, and Applications. WASA 2022. Lecture Notes in Computer Science, vol 13471. Springer, Cham. https://doi.org/10.1007/978-3-031-19208-1_45
DOI: https://doi.org/10.1007/978-3-031-19208-1_45
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19207-4
Online ISBN: 978-3-031-19208-1
eBook Packages: Computer Science (R0)