Exploration into gray area: Toward efficient labeling for detecting malicious domain names

Naoki Fukushi, Daiki Chiba, Mitsuaki Akiyama, Masato Uchida

Research output: Contribution to journalArticle

Abstract

In this paper, we propose a method to reduce the labeling cost while acquiring training data for a malicious domain name detection system using supervised machine learning. In the conventional systems, to train a classifier with high classification accuracy, large quantities of benign and malicious domain names need to be prepared as training data. In general, malicious domain names are observed less frequently than benign domain names. Therefore, it is difficult to acquire a large number of malicious domain names without a dedicated labeling method. We propose a method based on active learning that labels data around the decision boundary of classification, i.e., in the gray area, and we show that the classification accuracy can be improved by using approximately 1% of the training data used by the conventional systems. Another disadvantage of the conventional system is that if the classifier is trained with a small amount of training data, its generalization ability cannot be guaranteed. We propose a method based on ensemble learning that integrates multiple classifiers, and we show that the classification accuracy can be stabilized and improved. The combination of the two methods proposed here allows us to develop a new system for malicious domain name detection with high classification accuracy and generalization ability by labeling a small amount of training data.

Original languageEnglish
Pages (from-to)375-388
Number of pages14
JournalIEICE Transactions on Communications
Volume103
Issue number4
DOIs
Publication statusPublished - 2020

Keywords

  • Active learning
  • Data labeling
  • Ensemble learning
  • Malicious domain name

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Exploration into gray area: Toward efficient labeling for detecting malicious domain names'. Together they form a unique fingerprint.

  • Cite this