MADMAX: Browser-Based Malicious Domain Detection Through Extreme Learning Machine

Fast and accurate malicious domain detection is an essential research theme to prevent cybercrime, and machine learning is an attractive approach for detecting unseen malicious domains in the past decade. In this paper, we present MADMAX (MAchine learning-baseD MAlicious domain eXhauster) , a browser-based application leveraging extreme learning machine (ELM) for malicious domain detection. In contrast to the existing work of ELM-based domain detection, MADMAX newly introduces two methods, i.e., selection of optimized features to provide higher accuracy and throughput based on permutation importance and real-time training to retrain a model with an updated malicious dataset for continuous malicious domain detection. We demonstrate that MADMAX fairly outperforms the existing work with respect to accuracy and throughput by virtue of the selection of optimized features. Moreover, we also confirm a model with real-time training stably detects even unseen malicious domains, whereas accuracy of a model without the real-time training decreases due to the unseen domains. The source codes of MADMAX is publicly available via GitHub.