Internet domains serve as a launchpad from which threat actors mount many kinds of cyber attacks. Using domains as that launchpad, threat actors can carry out the following activities through malicious websites:-
Distribute malware
Facilitate command and control (C&C) communications
Host scams
Perform phishing attacks
Perform cybersquatting
Detecting malicious domains is an ongoing challenge, and this is where Malicious Domain Detection (MDD) plays a key role, as it identifies the domains that are linked to cyberattacks.
The following cybersecurity researchers from the New Jersey Institute of Technology, the Qatar Computing Research Institute (QCRI), and Hamad Bin Khalifa University (HBKU) have recently presented a new technique for uncovering websites associated with cyber attacks:-
Mahmoud Nazzal
Issa Khalil
Abdallah Khreishah
NhatHai Phan
Yao Ma
Malicious Domain Detection
In this setting, graph neural networks (GNNs) are one of the most effective approaches. A GNN-based MDD system takes DNS logs, builds a domain maliciousness graph (DMG) from them, and trains a GNN to infer the maliciousness of unlabeled domains from the known (labeled) ones.
GNNs apply neural layers to graph data, producing powerful node embeddings that serve diverse applications. Heterogeneous graphs contain nodes and edges of several types, and heterogeneous GNNs (hetGNNs) extend GNNs to handle them, which is what delivers the best performance in this scenario.
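To make the DNS-logs-to-DMG-to-inference pipeline concrete, here is an added example that is not code from the paper or from the article. It parses a handful of constructed DNS resolution lines into a domain/IP graph, collapses that heterogeneous graph onto domain-domain edges weighted by shared IPs, and then runs label propagation from a few constructed seed labels to score the unlabeled domains. The label propagation is a simplified stand-in for the trained GNN the article describes (a GNN replaces the fixed neighbour averaging with learned layers); the domain names, IP addresses, seed labels and the 0.5 verdict threshold are all assumptions chosen for the example.

```python
"""Toy domain maliciousness graph (DMG) from constructed DNS log lines.

Added example, not from the paper or the article. Label propagation
stands in for the trained GNN; all inputs below are constructed.
"""
from collections import defaultdict

# Constructed DNS resolution log: "<domain> <resolved_ip>" per line.
# The last line is deliberately malformed to show it is skipped.
DNS_LOG = """
good-shop.example 203.0.113.10
good-shop.example 203.0.113.11
news.example 203.0.113.20
bad-loader.example 198.51.100.5
bad-loader.example 198.51.100.6
c2-relay.example 198.51.100.6
unknown-a.example 198.51.100.5
unknown-a.example 198.51.100.6
unknown-a.example 203.0.113.10
unknown-b.example 203.0.113.11
unknown-c.example 192.0.2.77
this line is malformed
""".strip().splitlines()

# Constructed seed labels: +1.0 = known malicious, -1.0 = known benign.
# Domains absent from this dict are the unlabeled ones we want to score.
SEED_LABELS = {
    "good-shop.example": -1.0,
    "news.example": -1.0,
    "bad-loader.example": 1.0,
    "c2-relay.example": 1.0,
}


def parse_dns_log(lines):
    """Return (domain -> set of IPs, IP -> set of domains) from log lines."""
    dom2ip = defaultdict(set)
    ip2dom = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines instead of crashing the job
        domain, ip = parts
        dom2ip[domain].add(ip)
        ip2dom[ip].add(domain)
    return dom2ip, ip2dom


def build_dmg(dom2ip, ip2dom):
    """Domain-domain adjacency: two domains are neighbours when they share
    a resolved IP; the edge weight is the number of shared IPs."""
    adj = defaultdict(lambda: defaultdict(int))
    for domains in ip2dom.values():
        for d1 in domains:
            for d2 in domains:
                if d1 != d2:
                    adj[d1][d2] += 1
    for d in dom2ip:
        adj[d]  # make sure isolated domains get an (empty) entry
    return adj


def propagate(adj, seeds, iters=20):
    """Label propagation: seeds stay clamped; every other node takes the
    weighted mean of its neighbours' scores until the scores stop changing."""
    scores = {d: seeds.get(d, 0.0) for d in adj}
    for _ in range(iters):
        new = {}
        for d, nbrs in adj.items():
            if d in seeds:
                new[d] = seeds[d]
                continue
            total = sum(nbrs.values())
            new[d] = (sum(w * scores[n] for n, w in nbrs.items()) / total
                      if total else 0.0)  # isolated node: no evidence
        if new == scores:
            break
        scores = new
    return scores


def classify(score, threshold=0.5):
    """Map a propagated score to a verdict (threshold is an assumption)."""
    if score >= threshold:
        return "malicious"
    if score <= -threshold:
        return "benign"
    return "unknown"


def score_domains(log_lines, seeds, threshold=0.5):
    """Full pipeline: DNS log -> DMG -> propagated scores -> verdicts."""
    dom2ip, ip2dom = parse_dns_log(log_lines)
    adj = build_dmg(dom2ip, ip2dom)
    scores = propagate(adj, seeds)
    verdicts = {d: classify(s, threshold) for d, s in scores.items()}
    return scores, verdicts


if __name__ == "__main__":
    scores, verdicts = score_domains(DNS_LOG, SEED_LABELS)
    for d in sorted(scores):
        print(f"{d:20s} score={scores[d]:+.2f} verdict={verdicts[d]}")
```

With the constructed input, unknown-a.example shares two IPs with bad-loader.example and one each with c2-relay.example and good-shop.example, so its score is (2·1 + 1·1 + 1·(−1))/4 = 0.5 and it is flagged; unknown-b.example only shares infrastructure with a benign seed and is scored benign; unknown-c.example has no neighbours and stays unknown, which is exactly the kind of domain a real GNN would still need node features (registration data, query patterns) to decide.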
The researchers characterized the complete threat model by defining the following key elements of the threat actors:-
Goals of the threat actors
Knowledge of the threat actors
Limits on evading MDD
A successful attack against GNN-based MDD models requires the following:-
The adversary owns multiple domains.
Interconnected adversary domains, enabling efficient evasion in bulk.
No interference among adversary domains.
Study Limitations
The study's limitations are listed below:-
Scarce MDD data
Patented GNNs
Missing defense options for hetGNNs
Simulated adversary models
Lack of real subgraphs, which may affect the findings
However, the researchers affirmed that future research can strengthen MDD's defenses by drawing on DNS logs and graph heterogeneity; this would also help counter MintA's stealth, since MintA uniquely evades the detection of multiple adversary nodes at once.