DomainDynamics: Lifecycle-Aware Risk Timeline Construction for Domain Names
- URL: http://arxiv.org/abs/2410.02096v2
- Date: Fri, 18 Oct 2024 02:59:13 GMT
- Title: DomainDynamics: Lifecycle-Aware Risk Timeline Construction for Domain Names
- Authors: Daiki Chiba, Hiroki Nakano, Takashi Koide
- Abstract summary: DomainDynamics is a novel system designed to predict domain name risks by considering their lifecycle stages.
In an experiment involving over 85,000 actual malicious domains from malware and phishing incidents, DomainDynamics achieved an 82.58% detection rate with a low false positive rate of 0.41%.
- Score: 2.6217304977339473
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The persistent threat posed by malicious domain names in cyber-attacks underscores the urgent need for effective detection mechanisms. Traditional machine learning methods, while capable of identifying such domains, often suffer from high false positive and false negative rates due to their extensive reliance on historical data. Conventional approaches often overlook the dynamic nature of domain names, the purposes and ownership of which may evolve, potentially rendering risk assessments outdated or irrelevant. To address these shortcomings, we introduce DomainDynamics, a novel system designed to predict domain name risks by considering their lifecycle stages. DomainDynamics constructs a timeline for each domain, evaluating the characteristics of each domain at various points in time to make informed, temporal risk determinations. In an evaluation experiment involving over 85,000 actual malicious domains from malware and phishing incidents, DomainDynamics demonstrated a significant improvement in detection rates, achieving an 82.58% detection rate with a low false positive rate of 0.41%. This performance surpasses that of previous studies and commercial services, improving detection capability substantially.
Related papers
- MANTIS: Detection of Zero-Day Malicious Domains Leveraging Low Reputed Hosting Infrastructure [6.214359156708907]
Existing detection mechanisms are either too late to catch such malicious domains due to limited information and their short life spans or unable to catch them due to evasive techniques such as cloaking and captcha.
We build MANTIS, a system that not only generates daily blocklists of malicious domains but also is able to predict malicious domains on-demand.
On average, our models achieve a precision of 99.7%, a recall of 86.9% with a very low false positive rate (FPR) of 0.1% and on average detects 19K new malicious domains per day.
arXiv Detail & Related papers (2025-02-13T21:46:34Z)
- Registration, Detection, and Deregistration: Analyzing DNS Abuse for Phishing Attacks [2.160481692907504]
Phishing continues to pose a significant cybersecurity threat.
It is essential to address this fundamental challenge at the root, particularly in phishing domains.
Domain registration presents a crucial intervention point, as domains serve as the primary gateway between users and websites.
arXiv Detail & Related papers (2025-02-13T18:02:48Z)
- DomainLynx: Leveraging Large Language Models for Enhanced Domain Squatting Detection [2.6217304977339473]
Domain squatting poses a significant threat to Internet security, with attackers employing increasingly sophisticated techniques.
This study introduces DomainLynx, an innovative compound AI system leveraging Large Language Models (LLMs) for enhanced domain squatting detection.
In a month-long real-world test, it detected 34,359 squatting domains from 2.09 million new domains, outperforming baseline methods by 2.5 times.
arXiv Detail & Related papers (2024-10-02T23:32:09Z)
- Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates [1.135267457536642]
DNS dynamic updates represent an inherently vulnerable mechanism.
Non-secure DNS updates leave domains susceptible to a novel form of attack termed zone poisoning.
We undertook a comprehensive campaign involving the notification of Computer Security Incident Response Teams.
arXiv Detail & Related papers (2024-05-30T09:23:53Z)
- Domain Generalization via Causal Adjustment for Cross-Domain Sentiment Analysis [59.73582306457387]
We focus on the problem of domain generalization for cross-domain sentiment analysis.
We propose a backdoor adjustment-based causal model to disentangle the domain-specific and domain-invariant representations.
A series of experiments show the great performance and robustness of our model.
arXiv Detail & Related papers (2024-02-22T13:26:56Z)
- Unsupervised Domain Adaptation for Anatomical Landmark Detection [5.070344284426738]
We propose a novel framework for anatomical landmark detection under the setting of unsupervised domain adaptation (UDA).
The framework leverages self-training and domain adversarial learning to address the domain gap during adaptation.
Our experiments on cephalometric and lung landmark detection show the effectiveness of the method, which reduces the domain gap by a large margin and outperforms other UDA methods consistently.
arXiv Detail & Related papers (2023-08-25T10:22:13Z)
- Cross-Domain Policy Adaptation via Value-Guided Data Filtering [57.62692881606099]
Generalizing policies across different domains with dynamics mismatch poses a significant challenge in reinforcement learning.
We present the Value-Guided Data Filtering (VGDF) algorithm, which selectively shares transitions from the source domain based on the proximity of paired value targets.
arXiv Detail & Related papers (2023-05-28T04:08:40Z)
- Context-aware Domain Adaptation for Time Series Anomaly Detection [69.3488037353497]
Time series anomaly detection is a challenging task with a wide range of real-world applications.
Recent efforts have been devoted to time series domain adaptation to leverage knowledge from similar domains.
We propose a framework that combines context sampling and anomaly detection into a joint learning procedure.
arXiv Detail & Related papers (2023-04-15T02:28:58Z)
- Out-of-Domain Robustness via Targeted Augmentations [90.94290420322457]
We study principles for designing data augmentations for out-of-domain generalization.
Motivated by theoretical analysis on a linear setting, we propose targeted augmentations.
We show that targeted augmentations set new states-of-the-art for OOD performance by 3.2-15.2 percentage points.
arXiv Detail & Related papers (2023-02-23T08:59:56Z)
- Domain-incremental Cardiac Image Segmentation with Style-oriented Replay and Domain-sensitive Feature Whitening [67.6394526631557]
M&Ms should incrementally learn from each incoming dataset and progressively update with improved functionality as time goes by.
In medical scenarios, this is particularly challenging as accessing or storing past data is commonly not allowed due to data privacy.
We propose a novel domain-incremental learning framework to recover past domain inputs first and then regularly replay them during model optimization.
arXiv Detail & Related papers (2022-11-09T13:07:36Z)
- Improving Fake News Detection of Influential Domain via Domain- and Instance-Level Transfer [16.886024206337257]
We propose a Domain- and Instance-level Transfer Framework for Fake News Detection (DITFEND).
DITFEND could improve the performance of specific target domains.
Online experiments show that it brings additional improvements over the base models in a real-world scenario.
arXiv Detail & Related papers (2022-09-19T10:21:13Z)
- Forget Less, Count Better: A Domain-Incremental Self-Distillation Learning Benchmark for Lifelong Crowd Counting [51.44987756859706]
Off-the-shelf methods have some drawbacks to handle multiple domains.
Lifelong Crowd Counting aims at alleviating the catastrophic forgetting and improving the generalization ability.
arXiv Detail & Related papers (2022-05-06T15:37:56Z)
This list is automatically generated from the titles and abstracts of the papers in this site.