Dns User Profiling and Risk Assessment: A Learning Approach

Abstract

In the dynamic digital landscape, user profiling is pivotal for acquiring and leveraging personal information, enabling tailored recommendations across online platforms. Social media giants, like Twitter, Facebook, Instagram, and LinkedIn, routinely gather user data on browsing habits, interests, preferences, and intent. This profiling serves as a rich data source for analyzing user behaviors, detecting anomalous users, and assessing potential risks. This paper introduces a DNS user profiling approach to evaluate the risk associated with users' domain-browsing activities, offering a proactive method to minimize risks across different domains.The risk profiling approach extracts information related to the domains accessed by users from DNS servers, employs a new graph-based learning mechanism, presented here, and assigns the risk associated with users and domains. Real data from DNS queries made by Canadian internet users forms the basis of this research. The approach generates a domain similarity graph illustrating threat relationships among domains accessed by users. Through graph-based risk assessment, individual user profiles are crafted based on online activities. This approach facilitates the analysis of users' malicious behaviors, evaluates associated risks, and detects security threats. The evaluation methodology, utilizing the paired T-test for its aptness in consistently comparing different methods across the same set of folds during cross-validation, validates results and confirms high confidence levels of 98.3\% for domains and 96.7\% for users in their respective risk scores.This research introduces an innovative DNS user profiling approach and demonstrates its effectiveness in robustly evaluating and mitigating security risks associated with user-domain interactions.