MADONNA: browser-based malicious domain detection through optimized neural network with feature analysis.

Senanayake, Janaka; Rajapaksha, Sampath; Yanai, Naoto; Komiya, Chika; Kalutarage, Harsha

doi:10.1007/978-3-031-56326-3_20

MADONNA: browser-based malicious domain detection through optimized neural network with feature analysis.

Senanayake, Janaka; Rajapaksha, Sampath; Yanai, Naoto; Komiya, Chika; Kalutarage, Harsha

Authors

Mr Janaka Senanayake j.senanayake1@rgu.ac.uk
Lecturer

SAMPATH RAJAPAKSHA R WASALA MUDIYANSELAGE POLWATTE GEDARA s.rajapaksha@rgu.ac.uk
Research Student

Naoto Yanai

Chika Komiya

Dr Harsha Kalutarage h.kalutarage@rgu.ac.uk
Senior Lecturer

Contributors

Norbert Meyer
Editor

Anna Grocholewska-Czuryło
Editor

Abstract

The detection of malicious domains often relies on machine learning (ML), and proposals for browser-based detection of malicious domains with high throughput have been put forward in recent years. However, existing methods suffer from limited accuracy. In this paper, we present MADONNA, a novel browser-based detector for malicious domains that surpasses the current state-of-the-art in both accuracy and throughput. Our technical contributions include optimized feature selection through correlation analysis, and the incorporation of various model optimization techniques like pruning and quantization, to enhance MADONNA's throughput while maintaining accuracy. We conducted extensive experiments and found that our optimized architecture, the Shallow Neural Network (SNN), achieved higher accuracy than standard architectures. Furthermore, we developed and evaluated MADONNA's Google Chrome extension, which outperformed existing methods in terms of accuracy and F1-score by six points (achieving 0.94) and four points (achieving 0.92), respectively, while maintaining a higher throughput improvement of 0.87 s. Our evaluation demonstrates that MADONNA is capable of precisely detecting malicious domains, even in real-world deployments.

Citation

SENANAYAKE, J., RAJAPAKSHA, S., YANAI, N., KOMIYA, C. and KALUTARAGE, H. 2024. MADONNA: browser-based malicious domain detection through optimized neural network with feature analysis. In Meyer, N. and Grocholewska-Czuryło, A. (eds.) Revised selected papers from the proceedings of the 38th International conference on ICT systems security and privacy protection (IFIP SEC 2023), 14-16 June 2023, Poznan, Poland. IFIP advances in information and communication technology, 679. Cham: Springer [online], pages 279-292. Available from: https://doi.org/10.1007/978-3-031-56326-3_20

Conference Name	38th International conference on ICT systems security and privacy protection (IFIP SEC 2023)
Conference Location	Poznan, Poland
Start Date	Jun 14, 2023
End Date	Jun 16, 2023
Acceptance Date	Apr 15, 2023
Online Publication Date	Apr 24, 2024
Publication Date	Dec 31, 2024
Deposit Date	Apr 26, 2024
Publicly Available Date	Apr 25, 2025
Publisher	Springer
Pages	279-292
Series Title	IFIP advances in information and communication technology
Series Number	679
Series ISSN	1868-4238; 1868-422X
Book Title	Revised selected papers from the proceedings of the 38th International conference on ICT systems security and privacy protection (IFIP SEC 2023)
ISBN	9783031563256; 9783031563287
DOI	https://doi.org/10.1007/978-3-031-56326-3_20
Keywords	Malicious domain detection; Cybercrime; Systems security; Machine learning; Browser extensions
Public URL	https://rgu-repository.worktribe.com/output/2308235