Institute of Computing Technology, Chinese Academy IR
| Graph-based fast-flux domain detection using graph neural networks | |
| Xiong, Wei1,2,3; Wang, Yang2; Jiang, Haiyang2; Guan, Hongtao2 | |
| 2026-04-01 | |
| 发表期刊 | COMPUTER NETWORKS
 |
| ISSN | 1389-1286 |
| 卷号 | 278页码:13 |
| 摘要 | Fast-flux domains are frequently exploited by cybercriminals to perform various attacks, making their detection crucial for maintaining network security. Traditional detection methods rely on manually defined statistical indicators to characterize the spatial distribution of a domain's associated hosts, including the resolved hosts and authoritative name servers. However, given the increasingly decentralized nature of internet services, these statistical indicators may fail to capture the feature completely, resulting in inaccurate detection. To address this limitation, our proposed method leverages a graph structure to not only provide a more comprehensive representation of the existing feature but also incorporate a supplementary feature considering the spatial distribution between a domain's client and the resolved hosts assigned to it. At the same time, we customize a graph sampling method to avoid significant increase in detection time caused by excessive graph size. To determine whether the constructed graph represents a fast-flux or benign domain, twelve types of Graph Neural Network (GNN) models, formed by pairwise combinations of three graph convolution methods and four graph pooling methods, are examined. Evaluation datasets are constructed from both public sources and real-world data, demonstrating that the GAT-SAG model performs optimally among the twelve GNN models and significantly outperforms state-of-the-art statistics-based models in terms of accuracy, with only a tolerable increase in time consumption. |
| 关键词 | Fast-flux domain detection Network security Graph representation Graph sampling Graph neural networks |
| DOI | 10.1016/j.comnet.2026.112075 |
| 收录类别 | SCI |
| 语种 | 英语 |
| WOS研究方向 | Computer Science ; Engineering ; Telecommunications |
| WOS类目 | Computer Science, Hardware & Architecture ; Computer Science, Information Systems ; Engineering, Electrical & Electronic ; Telecommunications |
| WOS记录号 | WOS:001693413100001 |
| 出版者 | ELSEVIER |
| 引用统计 | |
| 文献类型 | 期刊论文 |
| 条目标识符 | http://119.78.100.204/handle/2XEOYT63/42786 |
| 专题 | 中国科学院计算技术研究所 |
| 通讯作者 | Xiong, Wei |
| 作者单位 | 1.Univ Chinese Acad Sci, Hangzhou Inst Adv Study, Hangzhou, Peoples R China 2.Chinese Acad Sci, Inst Comp Technol, Beijing, Peoples R China 3.Univ Chinese Acad Sci, Beijing, Peoples R China |
| 推荐引用方式 GB/T 7714 | Xiong, Wei,Wang, Yang,Jiang, Haiyang,et al. Graph-based fast-flux domain detection using graph neural networks[J]. COMPUTER NETWORKS,2026,278:13. |
| APA | Xiong, Wei,Wang, Yang,Jiang, Haiyang,&Guan, Hongtao.(2026).Graph-based fast-flux domain detection using graph neural networks.COMPUTER NETWORKS,278,13. |
| MLA | Xiong, Wei,et al."Graph-based fast-flux domain detection using graph neural networks".COMPUTER NETWORKS 278(2026):13. |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论