Abstract
The detection of malicious domains often relies on machine learning (ML), and proposals for browser-based detection of malicious domains with high throughput have been put forward in recent years. However, existing methods suffer from limited accuracy. In this paper, we present MADONNA, a novel browser-based detector for malicious domains that surpasses the current state-of-the-art in both accuracy and throughput. Our technical contributions include optimized feature selection through correlation analysis, and the incorporation of various model optimization techniques like pruning and quantization, to enhance MADONNA’s throughput while maintaining accuracy. We conducted extensive experiments and found that our optimized architecture, the Shallow Neural Network (SNN), achieved higher accuracy than standard architectures. Furthermore, we developed and evaluated MADONNA’s Google Chrome extension, which outperformed existing methods in terms of accuracy and F1-score by six points (achieving 0.94) and four points (achieving 0.92), respectively, while maintaining a higher throughput improvement of 0.87 s. Our evaluation demonstrates that MADONNA is capable of precisely detecting malicious domains, even in real-world deployments.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abdelnabi, S., Krombholz, K., Fritz, M.: VisualPhishNet: zero-day phishing website detection by visual similarity. In: Proceedings of CCS 2020, pp. 1681–1698. ACM (2020)
Alhogail, A.A., Al-Turaiki, I.: Improved detection of malicious domain names using gradient boosted machines and feature engineering. Inf. Technol. Control 51(2), 313–331 (2022)
Ariyadasa, S., Fernando, S., Fernando, S.: Combining long-term recurrent convolutional and graph convolutional networks to detect phishing sites using URL and HTML. IEEE Access 10, 82355–82375 (2022). https://doi.org/10.1109/ACCESS.2022.3196018
Berman, D.S.: DGA CapsNet: 1D application of capsule networks to DGA detection. Information 10(5), 157 (2019)
Chien, C.J., Yanai, N., Okamura, S.: Design of malicious domain detection dataset for network security (2021). http://www-infosec.ist.osaka-u.ac.jp/~yanai/dataset.pdf
Mohith Gowda, H.R., Adithya, M.V., Gunesh Prasad, S., Vinay, S.: Development of anti-phishing browser based on random forest and rule of extraction framework. Cybersecurity 3(1), 1–20 (2020)
Huang, Y., Qiao, X., Dustdar, S., Li, Y.: AoDNN: an auto-offloading approach to optimize deep inference for fostering mobile web. In: Proceedings of INFOCOM 2022, pp. 2198–2207 (2022)
Idelbayev, Y., Carreira-Perpinan, M.A.: An empirical comparison of quantization, pruning and low-rank neural network compression using the LC toolkit. In: 2021 International Joint Conference on Neural Networks (IJCNN), pp. 1–8 (2021). https://doi.org/10.1109/IJCNN52387.2021.9533730
Iwahana, K., et al.: MADMAX: browser-based malicious domain detection through extreme learning machine. IEEE Access 9, 78293–78314 (2021)
Li, T., Kou, G., Peng, Y.: Improving malicious URLs detection via feature engineering: Linear and nonlinear space transformation methods. Inf. Syst. 91, 101494 (2020)
Morell, J.A., Camero, A., Alba, E.: JSDoop and TensorFlow.js: volunteer distributed web browser-based neural network training. IEEE Access 7, 158671–158684 (2019)
Palaniappan, G., Sangeetha, S., Rajendran, B., Sanjay, Goyal, S., Bindhumadhava, B.S.: Malicious domain detection using machine learning on domain name features, host-based features and web-based features. Procedia Comput. Sci. 171, 654–661 (2020)
Rajapaksha, S., Kalutarage, H., Al-Kadri, M.O., Petrovski, A., Madzudzo, G., Cheah, M.: AI-based intrusion detection systems for in-vehicle networks: a survey. ACM Comput. Surv. 55(11), 1–40 (2023). https://doi.org/10.1145/3570954
Rupa, C., Srivastava, G., Bhattacharya, S., Reddy, P., Gadekallu, T.R.: A machine learning driven threat intelligence system for malicious URL detection. In: Proceedings of ARES 2021, pp. 1–7. ACM (2021)
Saleem Raja, A., Vinodini, R., Kavitha, A.: Lexical features based malicious URL detection using machine learning techniques. Mater. Today Proc. 47, 163–166 (2021)
Senanayake, J., Kalutarage, H., Al-Kadri, M.O.: Android mobile malware detection using machine learning: a systematic review. Electronics 10(13), 1606 (2021). https://doi.org/10.3390/electronics10131606. https://www.mdpi.com/2079-9292/10/13/1606
Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Petrovski, A., Piras, L.: Android source code vulnerability detection: a systematic literature review. ACM Comput. Surv. 55(9), 1–37 (2023). https://doi.org/10.1145/3556974
Shabudin, S., Sani, N.S., Ariffin, K.A.Z., Aliff, M.: Feature selection for phishing website classification. Int. J. Adv. Comput. Sci. Appl. 11(4), 587–595 (2020)
Shi, Y., Chen, G., Li, J.: Malicious domain name detection based on extreme machine learning. Neural Process. Lett. 48(3), 1347–1357 (2018)
Smilkov, D., et al.: TensorFlow.js: machine learning for the web and beyond (2019). https://doi.org/10.48550/ARXIV.1901.05350. https://arxiv.org/abs/1901.05350
Sun, X., Tong, M., Yang, J., Xinran, L., Heng, L.: HinDom: a robust malicious domain detection system based on heterogeneous information network with transductive classification. In: Proceedings of RAID 2019, pp. 399–412. USENIX Association (2019)
Sun, X., Yang, J., Wang, Z., Liu, H.: HGDom: heterogeneous graph convolutional networks for malicious domain detection. In: Proceedings of NOMS 2020, pp. 1–9. IEEE (2020)
Tang, L., Mahmoud, Q.H.: A survey of machine learning-based solutions for phishing website detection. Mach. Learn. Knowl. Extr. 3(3), 672–694 (2021)
Vadera, S., Ameen, S.: Methods for pruning deep neural networks. IEEE Access 10, 63280–63300 (2022). https://doi.org/10.1109/ACCESS.2022.3182659
Vinayakumar, R., Soman, K., Poornachandran, P.: Detecting malicious domain names using deep learning approaches at scale. J. Intell. Fuzzy Syst. 34(3), 1355–1367 (2018)
Yahya, F., et al.: Detection of phising websites using machine learning approaches. In: Proceedings of ICoDSA 2021, pp. 40–47. IEEE (2021)
Yang, L., Liu, G., Dai, Y., Wang, J., Zhai, J.: Detecting stealthy domain generation algorithms using heterogeneous deep neural network framework. IEEE Access 8, 82876–82889 (2020)
Yu, B., Pan, J., Hu, J., Nascimento, A., De Cock, M.: Character level based detection of DGA domain names. In: Proceedings of IJCNN 2018, pp. 1–8. IEEE (2018)
Yu, T., Zhauniarovich, Y., Khalil, I., Dacier, M.: A survey on malicious domains detection through DNS data analysis. ACM Comput. Surv. 51(4), 1–36 (2018)
Zabihimayvan, M., Doran, D.: Fuzzy rough set feature selection to enhance phishing attack detection. In: Proceedings of FUZZ-IEEE 2019, pp. 1–6. IEEE (2019). https://doi.org/10.1109/FUZZ-IEEE.2019.8858884
Zamir, A., et al.: Phishing web site detection using diverse machine learning algorithms. Electron. Libr. 38(1), 65–80 (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 IFIP International Federation for Information Processing
About this paper
Cite this paper
Senanayake, J., Rajapaksha, S., Yanai, N., Komiya, C., Kalutarage, H. (2024). MADONNA: Browser-Based MAlicious Domain Detection Through Optimized Neural Network with Feature Analysis. In: Meyer, N., Grocholewska-Czuryło, A. (eds) ICT Systems Security and Privacy Protection. SEC 2023. IFIP Advances in Information and Communication Technology, vol 679. Springer, Cham. https://doi.org/10.1007/978-3-031-56326-3_20
Download citation
DOI: https://doi.org/10.1007/978-3-031-56326-3_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-56325-6
Online ISBN: 978-3-031-56326-3
eBook Packages: Computer ScienceComputer Science (R0)
