DomainDynamics: Lifecycle-Aware Risk Timeline Construction for Domain Names

• Published in: arXiv.org
• Main Authors: Chiba, Daiki, Nakano, Hiroki, Koide, Takashi
• Format: Paper
• Language: English
• Published: Ithaca Cornell University Library, arXiv.org 18.10.2024
• Subjects: Cybersecurity; Domain names; Machine learning
• ISSN: 2331-8422

The persistent threat posed by malicious domain names in cyber-attacks underscores the urgent need for effective detection mechanisms. Traditional machine learning methods, while capable of identifying such domains, often suffer from high false positive and false negative rates due to their extensive reliance on historical data. Conventional approaches often overlook the dynamic nature of domain names, the purposes and ownership of which may evolve, potentially rendering risk assessments outdated or irrelevant. To address these shortcomings, we introduce DomainDynamics, a novel system designed to predict domain name risks by considering their lifecycle stages. DomainDynamics constructs a timeline for each domain, evaluating the characteristics of each domain at various points in time to make informed, temporal risk determinations. In an evaluation experiment involving over 85,000 actual malicious domains from malware and phishing incidents, DomainDynamics demonstrated a significant improvement in detection rates, achieving an 82.58\% detection rate with a low false positive rate of 0.41\%. This performance surpasses that of previous studies and commercial services, improving detection capability substantially.