Malicious Domain Detection

Malicious Domain Detection

Author Name : Supriya Vaddi, Syeda Labeeba Hasan

ABSTRACT As cyber threats continue to advance in complexity and frequency, identifying the underlying components and catalysts of these destructive attacks poses a significant challenge for security systems. Recent cyber-attacks underscore the pivotal role played by the Domain Name Server (DNS) in facilitating various cyber threats. Common DNS-related attacks include DNS Cache poisoning, DNS Hijacking, DNS Tunneling, Domain Hijacking, Subdomain attacks, and DNS Flooding. The severity of these DNS attacks is amplified when executed through a bot network. Recognizing the urgency of addressing these threats, there is a critical need to swiftly identify the associated domain names, their corresponding IP addresses, and promptly block or restrict these IP addresses. The proposed system undergoes training using a dataset from Kaggle comprising approximately 600,000 domains categorized into benign, phishing, defacement, and malware classifications. It uses K-Means and DBSCAN clustering algorithms and achieves an accuracy of 99.8 and 99.6 percent respectively. Its primary objective is to detect malicious domains efficiently. The proposed system is designed to handle large volumes of domains, offering robust protection against highly damaging and disruptive cyber-attacks.