Accuracy Improvement Method for Malicious Domain Detection using Machine Learning

With the widespread Internet technologies, malware damage also spreads worldwide, making it necessary to address these issues urgently. In some cases, malware-infected terminals use the Domain Name System (DNS) when communicating with the Command and Control (C&C) servers to obtain information for attacks. The previous malware detection focuses on the DNS communication history of malware-infected terminals. However, this method has the problem of poor accuracy in detecting malicious domains when the analysis data is small. This paper proposes a malicious domain detection with the following improvements. The first improvement is adding information on response and time. The second improvement is shortening the query domain names to primary domain names. Further, the proposed method showed improvement in the experiment.