A Multiclass Model for Adversary Domain Name Classification using Tree Based AI Classifiers

Authors

  • B. B Odigie Department of Computer Science, Benson Idahosa University, Benin City
  • O. P Bernard Department of Computer Science, Federal Polytechnic, Auchi

Keywords:

Malicious attacks, Domain Name, Multiclass, Classifiers, Artificial Intelligence

Abstract

The rising prevalence of AI-generated adversary (malicious) domain names has escalated the challenge of
combating cybercrime, particularly as spamming, phishing, and malware activities become increasingly common
online. Traditional approaches, such as blacklisting, binary detection systems, and basic lexical analysis of domain
names, prove insufficient for real-time identification of malicious domains across various cyber threat landscapes.
This study presents a comprehensive strategy for the multiclass detection of malicious domain names (MDNs)
utilizing data mining techniques. It investigates feature engineering processes, including dimensionality reduction
and variance inflation factor analysis, to identify and select domain name features that enhance the performance of
advanced AI and machine learning classifiers in classifying MDNs. We employed a train/test split ratio and
cross-validation methods on the CIC-Bell-DNS2021 public dataset for training some cutting-edge AI/ML classifiers. The
findings reveal that tree-based machine learning algorithms, particularly the Extreme Gradient Boosting (XGBoost)
algorithm, achieved outstanding results, with a mean accuracy score of 0.9998 (100%). Additionally, regarding
execution time, XGBoost displayed a notable advantage, requiring less time to build models, which could
significantly influence real-time detection capabilities when implemented as a cybersecurity tool for detecting
malicious domain names.

Published

2025-03-07