The persistent threat posed by malicious domain names in cyber-attacks underscores the urgent need for effective detection mechanisms. Traditional machine learning methods, while capable of identifying such domains, often suffer from high false positive and false negative rates because they rely heavily on historical data. Conventional approaches also overlook the dynamic nature of domain names: a domain's purpose and ownership may change over time, so a risk assessment made at one point can become outdated or irrelevant. To address these shortcomings, we introduce DomainDynamics, a novel system that predicts domain name risk by taking a domain's lifecycle stage into account. DomainDynamics constructs a timeline for each domain and evaluates the domain's characteristics at various points along it, so that each risk determination is made with respect to a specific time. In an evaluation involving over 85,000 actual malicious domains from malware and phishing incidents, DomainDynamics achieved an 82.58% detection rate with a low false positive rate of 0.41%, a substantial improvement over previous studies and commercial services.
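The abstract's key idea is that a domain is assessed at a specific point in its lifecycle, using only what was observable at that time. The following Python sketch, added here as an illustration and not code from the DomainDynamics paper, builds a per-domain timeline from a constructed event log and computes a lifecycle stage and a risk score at each observation date using only events on or before that date (no lookahead). The event types, the 90-day and 30-day stage thresholds, and the score weights are all assumptions chosen for the example; the paper's real feature set and model are not described in the abstract.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Event kinds that change who controls the domain (assumed taxonomy for this example).
OWNER_EVENTS = {"registered", "owner_change", "re_registered"}


@dataclass(frozen=True)
class Event:
    when: date
    kind: str  # registered | ns_change | owner_change | expired | re_registered


@dataclass(frozen=True)
class Snapshot:
    as_of: date
    stage: str
    age_days: int
    days_since_owner_change: int
    ns_changes: int
    score: float


def lifecycle_stage(seen: List[Event], as_of: date) -> str:
    """Classify the domain's stage from the events visible at as_of (sorted ascending)."""
    if seen[-1].kind == "expired":
        return "expired"
    last_owner = max(e.when for e in seen if e.kind in OWNER_EVENTS)
    if (as_of - last_owner).days < 90:  # assumed threshold
        # Still under its original registrant vs. recently changed hands / re-registered.
        return "new" if last_owner == seen[0].when else "recently_transferred"
    return "established"


def risk_score(stage: str, ns_changes: int, age_days: int) -> float:
    """Hypothetical heuristic weights, not the paper's model."""
    score = {"new": 0.5, "recently_transferred": 0.6,
             "expired": 0.1, "established": 0.05}[stage]
    if ns_changes >= 2:   # frequent nameserver churn
        score += 0.2
    if age_days < 30:     # very young registration
        score += 0.1
    return min(score, 1.0)


def snapshot_at(events: List[Event], as_of: date) -> Optional[Snapshot]:
    """Point-in-time view: only events on or before as_of are used, so later
    ownership changes or expirations cannot leak into an earlier assessment."""
    seen = sorted((e for e in events if e.when <= as_of), key=lambda e: e.when)
    if not seen or seen[0].kind != "registered":
        return None  # domain did not exist yet at as_of
    stage = lifecycle_stage(seen, as_of)
    age = (as_of - seen[0].when).days
    last_owner = max(e.when for e in seen if e.kind in OWNER_EVENTS)
    ns = sum(1 for e in seen if e.kind == "ns_change")
    return Snapshot(as_of, stage, age, (as_of - last_owner).days, ns,
                    risk_score(stage, ns, age))


def build_timeline(events: List[Event], observe_on: List[date]) -> List[Snapshot]:
    """One snapshot per observation date on which the domain existed."""
    out = []
    for t in observe_on:
        s = snapshot_at(events, t)
        if s is not None:
            out.append(s)
    return out


# Constructed event log for a single hypothetical domain (example data, not from the paper).
SAMPLE_EVENTS = [
    Event(date(2023, 1, 10), "registered"),
    Event(date(2023, 2, 1), "ns_change"),
    Event(date(2023, 6, 15), "expired"),
    Event(date(2023, 9, 1), "re_registered"),   # picked up by a new registrant
    Event(date(2023, 9, 5), "ns_change"),
]
OBSERVATION_DATES = [date(2023, 1, 1), date(2023, 1, 20), date(2023, 4, 1),
                     date(2023, 7, 1), date(2023, 9, 10)]

if __name__ == "__main__":
    for s in build_timeline(SAMPLE_EVENTS, OBSERVATION_DATES):
        print(f"{s.as_of} stage={s.stage:<20} age={s.age_days:>3}d "
              f"owner_age={s.days_since_owner_change:>3}d ns_changes={s.ns_changes} "
              f"score={s.score:.2f}")
```

The same domain is scored differently on each date: low while expired, high again once it is re-registered and its nameservers change, even though its registration date is old. That is the temporal behaviour the abstract argues a single static assessment misses.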