
Malicious domain detection based on DNS query using Machine Learning

Journal: International Journal of Emerging Trends in Engineering Research (IJETER) (Vol.8, No. 5)

Publication Date:

Authors : ; ;

Page : 1809-1814

Keywords : domain; DNS query; machine learning; malicious domain detection


Abstract

Cyber-attacks have increased rapidly in both their number and the extent of the damage they cause to organizations and businesses. In particular, attack techniques based on user-side vulnerabilities are developing rapidly. One method commonly used by attackers is distributing malicious domains to users' machines. Because of the serious consequences of the distribution of malicious domains, early detection of malicious domains is essential today. In this paper, we propose a method of detecting malicious domains based on connection behavior analysis using machine learning algorithms. Our research differs from other studies in how it looks for and extracts features that accurately represent the behavior of malicious domains and normal domains. To classify normal and malicious domains, we select the Random Forest (RF) supervised learning algorithm. In the experiments, we vary the parameters of the RF algorithm to find the optimal parameters for the problem of detecting malicious domains.

Last modified: 2020-06-15 19:22:32