Malicious DNS detection by combining improved transformer and CNN

With the widespread application of the Internet, network security issues have become increasingly prominent. As an important infrastructure of the Internet, the domain name server has been attacked in various forms. Traditional methods for detecting malicious domain servers are usually based on rules or feature engineering, requiring a large amount of manual participation and rule library updates. These methods cannot adapt to the constantly changing threat environment. In response to these issues, this study first improves the Transformer by adjusting its attention head and encoding method. Then, the model is combined with convolutional neural networks. Finally, a block-based ensemble classifier is used for classification detection. The relevant outcomes showed that the average accuracy score of the proposed method was as high as 95.8 points, the average detection time score was 96.8 points, the average feature extraction ability score of the model was 96.3 points, and the overall performance score was 97.6 points. This method has significant advantages over traditional methods in terms of accuracy and detection time, providing a new tool for detecting malicious domain servers.