DeepDom: Malicious Domain Detection with Scalable and Heterogeneous Graph Convolutional Networks
Computers & Security (IF 4.8), Pub Date: 2020-12-01, DOI: 10.1016/j.cose.2020.102057
Xiaoqing Sun, Zhiliang Wang, Jiahai Yang, Xinran Liu

Abstract: As an essential network service, the Domain Name System (DNS) is widely abused by attackers, making malicious domain detection a crucial task when combating cybercrimes. The increasing sophistication of attackers calls for new detection methods against novel threats and evasions. In this paper, we analyze the DNS scene and design an intelligent malicious domain detection system, named DeepDom. With joint consideration of both domains’ local features and their global associations, DeepDom is more accurate and is harder for attackers to evade. In DeepDom, we first represent the DNS scene as a Heterogeneous Information Network (HIN) with diverse entities like clients, domains, IP addresses, and accounts to capture richer information. Then, considering the heterogeneous and dynamic nature of DNS, we propose a novel Graph Convolutional Network (GCN) method named SHetGCN to inductively classify domain nodes in the HIN. By guiding the convolution operations with meta-path based short random walks, SHetGCN can jointly handle node features together with structural information and support inductive node embedding. We build a prototype of DeepDom and validate its effectiveness with comprehensive experiments over the DNS data collected from a real-world network, CERNET2. The comparison results demonstrate that our approaches outperform other state-of-the-art techniques.

Updated: 2020-12-01