Detection of Malicious Domains With Concept Drift Using Ensemble Learning
In the current landscape of network technology, it is indisputable that the Domain Name System (DNS) plays a vital role but also encounters significant security challenges. Despite the potential of recent advancements in deep learning and machine learning, concept drift is often not addressed. In th...
Published in: | IEEE eTransactions on network and service management 2024-12, Vol.21 (6), p.6796-6809 |
---|---|
Main authors: | , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Order full text |
container_end_page | 6809 |
---|---|
container_issue | 6 |
container_start_page | 6796 |
container_title | IEEE eTransactions on network and service management |
container_volume | 21 |
creator | Chiang, Pin-Hsuan ; Tsai, Shi-Chun |
description | In the current landscape of network technology, it is indisputable that the Domain Name System (DNS) plays a vital role but also encounters significant security challenges. Despite the potential of recent advancements in deep learning and machine learning, concept drift is often not addressed. In this work, we designed a DNS anomaly detection system leveraging client-domain associations. We propose the Modified Deterministic Sampling Classifier with weighted Bagging (MDSCB) method, a chunk-based ensemble learning approach addressing concept drift and data imbalance. It integrates weighted bagging, resampling, random feature selection, and a retention strategy for classifier updates, enhancing adaptability and efficiency. We conducted experiments using multiple real-world and synthetic datasets for evaluation. Empirical studies show that our detection system can help identify malicious domains that are difficult for firewalls to detect timely. Moreover, MDSCB outperforms other methods in terms of performance and efficiency. |
doi_str_mv | 10.1109/TNSM.2024.3435516 |
format | Article |
fulltext | fulltext_linktorsrc |
identifier | ISSN: 1932-4537 |
ispartof | IEEE eTransactions on network and service management, 2024-12, Vol.21 (6), p.6796-6809 |
issn | 1932-4537 1932-4537 |
language | eng |
recordid | cdi_ieee_primary_10620214 |
source | IEEE Xplore |
subjects | Adaptation models ; Anomalies ; Anomaly detection ; artificial intelligence and machine learning ; Bagging ; Concept drift ; Data models ; Deep learning ; Domain Name System ; Domain names ; Drift ; Ensemble learning ; Machine learning ; Resampling ; Security management ; security services ; Streams ; Synthetic data |
title | Detection of Malicious Domains With Concept Drift Using Ensemble Learning |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-27T20%3A17%3A31IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Detection%20of%20Malicious%20Domains%20With%20Concept%20Drift%20Using%20Ensemble%20Learning&rft.jtitle=IEEE%20eTransactions%20on%20network%20and%20service%20management&rft.au=Chiang,%20Pin-Hsuan&rft.date=2024-12-01&rft.volume=21&rft.issue=6&rft.spage=6796&rft.epage=6809&rft.pages=6796-6809&rft.issn=1932-4537&rft.eissn=1932-4537&rft.coden=ITNSC4&rft_id=info:doi/10.1109/TNSM.2024.3435516&rft_dat=%3Cproquest_RIE%3E3147520214%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=3147520214&rft_id=info:pmid/&rft_ieee_id=10620214&rfr_iscdi=true |