Detection of Malicious Domains With Concept Drift Using Ensemble Learning

Pin Hsuan Chiang, Shi Chun Tsai*

*Corresponding author for this work

Research output: Article, peer-reviewed

2 citations (Scopus)

Abstract

In the current landscape of network technology, it is indisputable that the Domain Name System (DNS) plays a vital role but also encounters significant security challenges. Despite the potential of recent advancements in deep learning and machine learning, concept drift is often not addressed. In this work, we designed a DNS anomaly detection system leveraging client-domain associations. We propose the Modified Deterministic Sampling Classifier with weighted Bagging (MDSCB) method, a chunk-based ensemble learning approach addressing concept drift and data imbalance. It integrates weighted bagging, resampling, random feature selection, and a retention strategy for classifier updates, enhancing adaptability and efficiency. We conducted experiments using multiple real-world and synthetic datasets for evaluation. Empirical studies show that our detection system can help identify malicious domains that are difficult for firewalls to detect in a timely manner. Moreover, MDSCB outperforms other methods in terms of performance and efficiency.

Original language: English
Pages (from-to): 6796-6809
Number of pages: 14
Journal: IEEE Transactions on Network and Service Management
Volume: 21
Issue number: 6
Publication status: Published - 2024
