STING: A Stealthy Backdoor Attack on GNN-Based Malicious Domain Detection via DNS Perturbations

Muhammad Anan, Mahmoud Nazzal*, Abdallah Khreishah, Issa Khalil, Nhathai Phan, Ahmad Sawalmeh

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Detecting malicious Internet domains is essential for safeguarding against various online threats. The current approach to malicious domain detection (MDD) employs a graph neural network (GNN) method, which uses DNS logs to construct heterogeneous graphs for determining the maliciousness of unknown domains. Despite its success, this method is vulnerable to data poisoning attacks where an adversary can manipulate specific graph nodes to implant a backdoor into the model during training. To showcase the vulnerability, we propose a stealthy trigger injection attack on node features and graph structure in MDD, dubbed STING. The attacker carefully manipulates selected features and edges of its nodes in the graph to create backdoor trigger patterns designed to evade detection by the MDD system, without knowing the model or other parts of the graph. Results from experiments conducted on real-world GNN-based MDD approaches show that the proposed attack is highly effective, with a success rate of over 88% in launching backdoor attacks and only a slight decrease in the model’s accuracy on legitimate domains (not exceeding 4%). Furthermore, the attack bypasses established defenses such as graph purification, adversarial training, and outlier detection, making it a major threat to the security of MDD systems. This study serves as a warning and stresses the importance of continuous vigilance and proactive efforts by both researchers and security experts to secure GNN-based MDD systems and maintain their trustworthiness and stability.

Original language: English
Pages (from-to): 7823-7841
Number of pages: 19
Journal: IEEE Open Journal of the Communications Society
Volume: 6
Publication status: Published - 2025

Keywords

  • Backdoor attack
  • Internet security
  • graph neural network
  • malicious domain detection
