A Stacking Approach to Objectionable-Related Domain Names Identification by Passive DNS Traffic (Short Paper)

Domain name classification is an important issue in the field of cyber security. Notice that objectionable-related domain names are one category of domain names that serve services such as gambling, pornography, etc. They are classified and even forbidden in some areas, some of these domain names may defraud visitors privacy and property. Timely and accurate identification of these domain names is significant for Internet content censorship and users security. In this work, we analyze the behavior of objectionable-related domain names from the real-world DNS traffic, finding that there exist evidently differences between objectionable-related domain names and none-objectionable ones. In this paper, we propose a stacking approach to objectionable-related domain names identification, VisSensor, that automatically extracts name features and latent visiting patterns of domain names from the DNS traffic and distinguishes objectionable-related ones. We integrate convolutional neural networks with fully-connected neural networks to collaborate features of different dimensions and improve experimental results. The accuracy of VisSensor is 88.48% with a false positive rate of \(9.11\%\). We also compared VisSensor with a public domain name tagging system, and our VisSensor performed better than the tagging system on the identification task of the objectionable-related domain names.