Malicious Domain Name Detection Based on Extreme Machine Learning

Malicious domain detection is one of the most effective approaches applied in detecting Advanced Persistent Threats (APT), the most sophisticated and stealthy threat to modern networks. Domain name analysis provides security experts with insights to identify the Command and Control (C&C) communications in APT attacks. In this paper, we propose a machine learning based methodology to detect malware domain names by using Extreme Learning Machine (ELM). ELM is a modern neural network with high accuracy and fast learning speed. We apply ELM to classify domain names based on features extracted from multiple resources. Our experiment reveals that the introduced detection method achieves a high detection rate and accuracy (above 95%). The fast learning speed of our ELM based approach is also demonstrated by a comparative experiment. Hence, we believe our method using ELM is both effective and efficient at identifying malicious domains, and therefore enhances the current detection mechanism against APT attacks.
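An added example, not code from the paper, of the ELM classification step the abstract describes: a pure-Python single-hidden-layer ELM whose random hidden weights stay fixed and whose output weights are solved in one ridge least-squares step, trained on a constructed toy set of benign and DGA-like domain names. The lexical feature set (length, character entropy, digit and vowel ratios) and the toy data are assumptions; the paper's own features and dataset are not given here.

```python
import math, random
from collections import Counter

def lexical_features(domain):
    # Hypothetical lexical feature set: length, character entropy, digit ratio, vowel ratio.
    label = domain.lower().split(".")[0]
    n = max(len(label), 1)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(label).values())
    digits = sum(ch.isdigit() for ch in label) / n
    vowels = sum(ch in "aeiou" for ch in label) / n
    return [n / 20.0, entropy / 4.0, digits, vowels]  # scaled roughly into [0, 1]

def solve(A, b):
    # Gaussian elimination (no pivoting: A is symmetric positive definite here) for A x = b.
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(n):
        for r in range(col + 1, n):
            f = M[r][col] / M[col][col]
            M[r] = [mr - f * mc for mr, mc in zip(M[r], M[col])]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (M[i][n] - sum(M[i][j] * x[j] for j in range(i + 1, n))) / M[i][i]
    return x

class ELM:
    # Single-hidden-layer ELM: random input weights, output weights by ridge least squares.
    def __init__(self, n_in, n_hidden, ridge=1e-3, seed=7):
        rng = random.Random(seed)
        self.W = [[rng.uniform(-1, 1) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b = [rng.uniform(-1, 1) for _ in range(n_hidden)]
        self.ridge, self.beta = ridge, None
    def hidden(self, x):  # sigmoid activations of the fixed random hidden layer
        return [1 / (1 + math.exp(-(sum(w * v for w, v in zip(row, x)) + bi)))
                for row, bi in zip(self.W, self.b)]
    def fit(self, X, y):  # beta = (H^T H + ridge I)^-1 H^T y, no iterative training
        H, L = [self.hidden(x) for x in X], len(self.b)
        HtH = [[sum(h[i] * h[j] for h in H) + (self.ridge if i == j else 0.0)
                for j in range(L)] for i in range(L)]
        self.beta = solve(HtH, [sum(h[i] * t for h, t in zip(H, y)) for i in range(L)])
    def predict(self, domain):  # 1 = malicious, 0 = benign
        score = sum(b * h for b, h in zip(self.beta, self.hidden(lexical_features(domain))))
        return 1 if score > 0.5 else 0
# Constructed toy training set; a real deployment would label domains from DNS logs and feeds.
BENIGN = ["google.com", "wikipedia.org", "microsoft.com", "example.net", "github.com", "stanford.edu"]
DGA_LIKE = ["x7q9z2k1pw.com", "qwkdj3hf92.net", "zzt8v0bkq4.org", "m3kxp9rzt7.com", "p0q2w5r8tz.net", "hjk7l2mn9b.org"]
def train_demo():
    clf = ELM(n_in=4, n_hidden=10)
    clf.fit([lexical_features(d) for d in BENIGN + DGA_LIKE], [0] * len(BENIGN) + [1] * len(DGA_LIKE))
    return clf
```

Training is a single linear solve over the hidden-layer outputs, which is what gives ELM the fast learning speed the abstract contrasts with iteratively trained networks.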
