Article
A Malicious Domains Detection Method Based on File Sandbox Traffic
IEEE Network
  • Daojing He, Harbin Institute of Technology, Shenzhen, China & East China Normal University, Shanghai, China
  • Jiayu Dai, East China Normal University, Shanghai, China
  • Hongile Gu, East China Normal University, Shanghai, China
  • Shanshan Zhu, East China Normal University, Shanghai, China
  • Sammy Chan, City University of Hong Kong
  • Jingyong Su, Harbin Institute of Technology, Shenzhen, China
  • Mohsen Guizani, Mohamed bin Zayed University of Artificial Intelligence
Document Type
Article
Abstract

With the recent increase in malicious cyber activities that use domain names as attack vectors, malicious domains must be detected and blocked in order to combat cyber attackers. However, current studies of malicious domain detection are limited to Domain Name System (DNS) traffic features or character features, and they ignore the associations between malware and malicious domains. In this paper, we propose a malicious domain detection approach based on domain relationship features extracted from real sandbox traffic. We construct heterogeneous graphs from the sandbox traffic and use a Relational Graph Convolutional Network (RGCN) to build detection models that extract inter-node relationship features. Experiments are conducted on data extracted from real sandbox traffic, and our approach achieves an accuracy of 87.11%. The experimental results demonstrate the effectiveness of using relationship features extracted from sandbox traffic for malicious domain detection.

DOI
10.1109/MNET.127.2200280
Publication Date
10-25-2022
Keywords
  • Blocklists,
  • Data mining,
  • Feature extraction,
  • IP networks,
  • Task analysis,
  • Uniform resource locators,
  • Viruses (medical)
Comments

IR Deposit conditions:

OA version (pathway a) Accepted version

No embargo

When accepted for publication, set statement to accompany deposit (see policy)

Must link to publisher version with DOI

Publisher copyright and source must be acknowledged

Citation Information
D. He et al., "A Malicious Domains Detection Method Based on File Sandbox Traffic," in IEEE Network, October 2022, doi: 10.1109/MNET.127.2200280.