Malicious Domain Detection using DNS Records
Phishing is one of the most important security challenges to accompany the advance of technology in cyberspace. A phishing attack tries to obtain information such as usernames, passwords, and bank account details by forging a website or email address and convincing the user to enter this information. Because these attacks are growing in both number and complexity, current phishing detection systems often cannot adapt to new attacks and have low detection accuracy. Graph-based methods are one technique for identifying malicious domains; they use the connections between domains and IP addresses to do so. In this paper, a graph-based phishing detection system using deep learning is presented. The main steps of the proposed method are extracting the IP from the domain, defining the relationships between domains, determining the weights, and converting the data to vectors with the Node2vec algorithm. Classification and identification are then performed using CNN and DENSE deep learning models. The experimental results over three different datasets show that the proposed method provides an accuracy of about 99% in identifying malicious domains, an acceptable improvement over the state of the art in this context.
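The graph-construction steps named in the abstract (IP extraction, domain relationships, weights, walks for Node2vec) can be sketched as follows; this is an added example, not the paper's code. The DNS records are constructed, and the edge weight (Jaccard similarity of two domains' IP sets) and the walk parameters are assumptions, since the abstract does not define them.

```python
import random
from collections import defaultdict
from itertools import combinations

# Constructed A records (domain, IP) from documentation ranges; not real data.
RECORDS = [
    ("login-bank.example", "192.0.2.10"),
    ("login-bank.example", "192.0.2.11"),
    ("secure-pay.example", "192.0.2.10"),
    ("secure-pay.example", "192.0.2.11"),
    ("acct-verify.example", "192.0.2.11"),
    ("news.example", "198.51.100.7"),
    ("blog.example", "198.51.100.7"),
    ("blog.example", "198.51.100.8"),
    ("alone.example", "203.0.113.5"),
]

def build_domain_graph(records):
    """Return {domain: {neighbour: weight}} linking domains that share an IP."""
    ips_of, domains_on = defaultdict(set), defaultdict(set)
    for domain, ip in records:
        ips_of[domain].add(ip)
        domains_on[ip].add(domain)
    graph = {d: {} for d in ips_of}          # keep isolated domains as nodes
    for hosted in domains_on.values():
        for a, b in combinations(sorted(hosted), 2):
            # Assumed weight: Jaccard similarity of the two IP sets.
            w = len(ips_of[a] & ips_of[b]) / len(ips_of[a] | ips_of[b])
            graph[a][b] = graph[b][a] = w
    return graph

def weighted_walks(graph, walk_len=5, walks_per_node=2, seed=0):
    """Weight-biased random walks (Node2vec with p = q = 1) for an embedding model."""
    rng, walks = random.Random(seed), []
    for start in sorted(graph):
        for _ in range(walks_per_node):
            walk = [start]
            while len(walk) < walk_len and graph[walk[-1]]:
                nbrs = sorted(graph[walk[-1]])
                weights = [graph[walk[-1]][n] for n in nbrs]
                walk.append(rng.choices(nbrs, weights=weights)[0])
            walks.append(walk)
    return walks

if __name__ == "__main__":
    g = build_domain_graph(RECORDS)
    for d in sorted(g):
        print(d, g[d])
    print(weighted_walks(g)[:3])
```

The walks are the "sentences" a skip-gram model would turn into per-domain vectors; a domain with no shared IP, such as `alone.example`, yields only single-node walks and so carries no graph signal for the classifier.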