Malicious DNS detection by combining improved transformer and CNN


Bibliographic Details
Published in: Scientific reports 2024-12, Vol.14 (1), p.30248-16, Article 30248
Main Authors: Li, Heyu; Li, Zhangmeizhi; Zhang, Shuyan; Pu, Xiao
Format: Article
Language: English
Description
Summary: With the widespread application of the Internet, network security issues have become increasingly prominent. As an important infrastructure of the Internet, the domain name server has been attacked in various forms. Traditional methods for detecting malicious domain servers are usually based on rules or feature engineering, requiring a large amount of manual participation and rule library updates. These methods cannot adapt to the constantly changing threat environment. In response to these issues, this study first improves the Transformer by adjusting its attention head and encoding method. Then, the model is combined with convolutional neural networks. Finally, a block-based ensemble classifier is used for classification detection. The relevant outcomes showed that the average accuracy score of the proposed method was as high as 95.8 points, the average detection time score was 96.8 points, the average feature extraction ability score of the model was 96.3 points, and the overall performance score was 97.6 points. This method has significant advantages over traditional methods in terms of accuracy and detection time, providing a new tool for detecting malicious domain servers.
ISSN: 2045-2322
DOI: 10.1038/s41598-024-81189-1