# Joint Detection of Malicious Domains and Infected Clients

**Authors:** Paul Prasse, Rene Knaebel, Lukas Machlica, Tomas Pevny and, Tobias Scheffer

arXiv: 1906.09084 · 2019-06-24

## TL;DR

This paper presents a transfer learning approach using sluice networks to jointly detect malicious domains and infected clients from encrypted HTTPS traffic, outperforming existing models and identifying new threats.

## Contribution

It introduces a novel transfer learning method that enables simultaneous detection of infected clients and malicious domains, improving detection accuracy and discovering previously unknown threats.

## Key findings

- Model outperforms reference models in detection accuracy
- Successfully detects unknown malware and malicious domains
- Enables joint detection leveraging coupled data

## Abstract

Detection of malware-infected computers and detection of malicious web domains based on their encrypted HTTPS traffic are challenging problems, because only addresses, timestamps, and data volumes are observable. The detection problems are coupled, because infected clients tend to interact with malicious domains. Traffic data can be collected at a large scale, and antivirus tools can be used to identify infected clients in retrospect. Domains, by contrast, have to be labeled individually after forensic analysis. We explore transfer learning based on sluice networks; this allows the detection models to bootstrap each other. In a large-scale experimental study, we find that the model outperforms known reference models and detects previously unknown malware, previously unknown malware families, and previously unknown malicious domains.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1906.09084/full.md

## Figures

13 figures with captions in the complete paper: https://tomesphere.com/paper/1906.09084/full.md

## References

42 references — full list in the complete paper: https://tomesphere.com/paper/1906.09084/full.md

---
Source: https://tomesphere.com/paper/1906.09084