Collaborative Domain Blocking: Using federated NLP To Detect Malicious Domains
This paper addresses the need for more effective and more private malicious domain detection for network security users, though it appears incremental, as it builds on existing federated learning and NLP techniques.
The paper tackles the problem of slow and circumventable domain blocking by proposing a federated learning system that analyzes deep textual patterns of network content, showing promise in real-world experiments.
Current content filtering and blocking methods are susceptible to various circumvention techniques and are relatively slow in dealing with new threats. This is because these methods use shallow pattern recognition based on regular expression rules found in crowdsourced block lists. We propose a novel system that aims to remedy the aforementioned issues by examining deep textual patterns of network-oriented content relating to the domain being interacted with. Moreover, we propose to use federated learning that allows users to take advantage of each other's localized knowledge/experience regarding what should or should not be blocked on a network without compromising privacy. Our experiments show the promise of our proposed approach in real-world settings. We also provide data-driven recommendations on how to best implement the proposed system.
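The federated idea in the abstract, sketched as an added example that is not the paper's code: two users train a text classifier on their own domain-related text and share only model weights, which a server averages. The model (hashed bag-of-words logistic regression), the averaging rule (federated averaging), all function names and all sample texts are assumptions constructed for illustration; this page does not describe the paper's actual model or features.

```python
import math
import re
import zlib

# Constructed samples: (text fetched for a domain, label), 1 = block, 0 = allow.
CLIENT_A = [  # this user has only encountered trackers
    ("ad tracker pixel fingerprint beacon", 1),
    ("tracking pixel beacon analytics fingerprint", 1),
    ("news article weather sports", 0),
    ("recipe blog cooking dinner", 0),
]
CLIENT_B = [  # this user has only encountered credential phishing
    ("verify account password login urgent", 1),
    ("urgent password reset verify wallet", 1),
    ("documentation library tutorial code", 0),
    ("weather forecast news local", 0),
]

def features(text):
    """Hashed bag of words: {hashed token index: count}."""
    feats = {}
    for tok in re.findall(r"[a-z]+", text.lower()):
        key = zlib.crc32(tok.encode())
        feats[key] = feats.get(key, 0) + 1
    return feats

def score(weights, text):
    """Probability that the domain should be blocked (logistic model, no bias)."""
    z = sum(weights.get(k, 0.0) * v for k, v in features(text).items())
    return 1.0 / (1.0 + math.exp(-z))

def local_train(global_w, data, epochs=5, lr=0.5):
    """Client-side SGD starting from the global weights; raw text stays local."""
    w = dict(global_w)
    for _ in range(epochs):
        for text, label in data:
            err = label - score(w, text)
            for k, v in features(text).items():
                w[k] = w.get(k, 0.0) + lr * err * v
    return w

def fed_avg(updates):
    """Server side: average client weights, weighted by local sample count."""
    total = sum(n for _, n in updates)
    keys = set().union(*(w.keys() for w, _ in updates))
    return {k: sum(w.get(k, 0.0) * n for w, n in updates) / total for k in keys}

def train_federated(clients, rounds=10):
    """Repeat: each client trains locally, the server averages the results."""
    global_w = {}
    for _ in range(rounds):
        global_w = fed_avg([(local_train(global_w, d), len(d)) for d in clients])
    return global_w

def should_block(weights, text):
    return score(weights, text) > 0.5
```

A model trained by client A alone scores unseen phishing text at exactly 0.5 and lets it through, while the averaged model blocks it using what client B learned. Shared weight updates can still leak information about local data, so a deployment would need to consider protections such as secure aggregation.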