Computer Science ›› 2025, Vol. 52 ›› Issue (12): 358-366. doi: 10.11896/jsjkx.241000083

• Information Security •

Research on Malicious Domain Detection Based on Heterogeneous Graph Inductive Learning

LIANG Jianpeng1, MO Xiuliang1, WANG Pengxiang2, WANG Huanran3, WANG Chundong4   

  1. 1 School of Computer Science and Engineering, Tianjin University of Technology, Tianjin 300384, China
    2 Belarusian State University, Minsk 220030, The Republic of Belarus
    3 College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, China
    4 Tianjin Public Security Police Profession College, Tianjin 300382, China
  • Received: 2024-10-17 Revised: 2025-06-10 Online: 2025-12-15 Published: 2025-12-09
  • About author: LIANG Jianpeng, born in 2000, master, is a member of CCF (No. V7671G). His main research interest is malicious domain detection.
    MO Xiuliang, born in 1969, postgraduate, associate professor. His main research interests include information security and network security.
  • Supported by:
    This work was supported by the State Key Program of National Natural Science Foundation of China (61931019).

Abstract: Current malicious domain detection techniques based on graph neural networks rely on domain experts for meta-path selection to convert heterogeneous graphs into homogeneous graphs for direct learning. This approach struggles to leverage the rich topological information within the graph and lacks good scalability and generalization capabilities. To address this issue, this paper proposes a malicious domain detection technique based on inductive learning from heterogeneous graphs. First, it constructs a heterogeneous information network with nodes representing domains, hosts, and domain registration information using a meta-path generation algorithm. Second, to address the model's poor applicability in real networks under direct training, it utilizes the inductive graph neural network HeteroGAT to learn the general structure of the heterogeneous graph formed by training samples and enhances detection performance through an autoencoder-based domain feature representation. Finally, it compares the proposed algorithm with machine learning and deep learning methods on public datasets. Experimental results demonstrate that the proposed method achieves superior performance metrics and effectively handles data imbalance even with a limited number of training samples, showing strong robustness.

Key words: Network security, Malicious domain detection, Inductive learning, Heterogeneous graph, Meta-path

CLC Number: 

  • TP393.08