An Effective Rapid Threat Detection Framework for Detecting Malicious Domains Using Supervised Machine Learning Approach
DOI: https://doi.org/10.56979/1101/2026/1309
Keywords: Malicious Domain Detection, Supervised Machine Learning, DNS Security
Abstract
The Domain Name System (DNS), which translates human-readable domain names into IP addresses, is essential to Internet communication. Because DNS is both critical and widely trusted, it is a common target of cybercrimes such as cache poisoning and DNS spoofing, which redirect users to dangerous websites where they lose money and data. Conventional blacklist-based detection methods are becoming less effective against rapidly changing threats. This research investigates the effectiveness of supervised machine learning techniques for identifying malicious domains from DNS data. Three models (RF TFIDF Lex, SAE Stacking, and CharCNN BiLSTM) are developed and evaluated on the CAIDA DNS dataset. The standard performance measures of accuracy, precision, recall, and F1-score are used to evaluate the models in a multi-class classification scenario. The experimental results indicate that the CharCNN BiLSTM model outperforms the other approaches, particularly in detecting more complex patterns in domain names, such as DGA and phishing domains. These findings show that sequence-based deep learning models better capture the structural characteristics of malicious domains. The research indicates that, for DNS-based threat identification, machine learning methods provide a more credible alternative to traditional methods.
This is an open access article published by the Research Center of Computing & Biomedical Informatics (RCBI), Lahore, Pakistan, under the CC BY 4.0 International License.