Open Access

ARTICLE

Federated Learning for Malicious Domain Detection via Privacy-Preserving DNS Traffic Analysis

Samar Abbas Mangi1,*, Samina Rajper1, Noor Ahmed Shaikh1, Shehzad Ashraf Chaudhry2,3

1 Institute of Computer Science, Shah Abdul Latif University Khairpur, Khairpur, Pakistan
2 Department of Computer Science and Information Technology, College of Engineering, Abu Dhabi University, Abu Dhabi, United Arab Emirates
3 Department of Software Engineering, Nisantasi University, Istanbul, Türkiye

* Corresponding Author: Samar Abbas Mangi.

Computers, Materials & Continua 2026, 87(3), 88 https://doi.org/10.32604/cmc.2026.077337

Abstract

Malicious domain detection (MDD) from DNS telemetry enables early threat hunting but is constrained by privacy and data-sharing barriers across organizations. We present a deployable federated learning (FL) pipeline that trains a compact deep neural network (DNN; 64-32-16 with ReLU and dropout 0.3) locally at each client and exchanges only masked model updates. Privacy is enforced via secure aggregation (the server observes only an aggregate of masked updates) and optional server-side differential privacy (DP) via clipping and Gaussian noise. Our feature schema combines DNS-specific lexical cues (character n-grams, entropy, TLD indicators) with lightweight behavioral signals (TTL dispersion, query cadence) without exporting raw logs or identifiers. We benchmark FedAvg, FedProx, and FedNova under controlled non-IID client partitions and report ROC-AUC, precision-recall area under the curve (PR-AUC), F1, convergence speed, and communication cost. Federated models approach centralized training while outperforming local-only baselines; FedProx reaches the target Accuracy 0.995 in fewer rounds than FedAvg under medium heterogeneity. We report 95% bootstrap confidence intervals and paired significance tests (DeLong for ROC-AUC; McNemar for Accuracy). Overall, privacy-preserving FL for DNS-based MDD is practical, providing near-centralized utility while keeping DNS data local.
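The following sketch illustrates the privacy mechanism the abstract describes: each client sends a masked update, the server can recover only the aggregate, and Gaussian noise is added after clipping. It is an added example, not the authors' code. The pairwise-mask construction, the single shared seed string (standing in for per-pair secrets from a key agreement), the per-client clipping before masking, and all names and sample values are assumptions.

```python
import hashlib
import math
import random

DIM, MOD, SCALE = 4, 2**32, 10**4  # toy length, mask ring, fixed-point scale
# Constructed sample updates; client 1 exceeds the clip norm on purpose.
UPDATES = {0: [0.5, -0.2, 0.1, 0.0], 1: [3.0, 4.0, 0.0, 0.0],
           2: [-0.1, 0.3, 0.2, -0.4]}

def clip(update, c):
    """Scale the update so its L2 norm is at most c."""
    norm = math.sqrt(sum(x * x for x in update))
    f = min(1.0, c / norm) if norm > 0 else 1.0
    return [x * f for x in update]

def pair_mask(seed, i, j):
    """Mask shared by clients i < j (assumed: derived from a pairwise secret)."""
    digest = lambda k: hashlib.sha256(f"{seed}|{i}|{j}|{k}".encode()).digest()
    return [int.from_bytes(digest(k)[:4], "big") for k in range(DIM)]

def masked_update(cid, update, clients, seed, c):
    """What client cid sends: clipped, fixed-point encoded, pairwise masked."""
    vec = [round(x * SCALE) % MOD for x in clip(update, c)]
    for other in clients:
        if other == cid:
            continue
        lo, hi = min(cid, other), max(cid, other)
        sign = 1 if cid == lo else -1  # lower id adds, higher id subtracts
        vec = [(v + sign * m) % MOD for v, m in zip(vec, pair_mask(seed, lo, hi))]
    return vec

def aggregate(masked, c, noise_multiplier, rng):
    """Server: sum masked vectors (masks cancel), decode, average, add noise."""
    n = len(masked)
    total = [sum(col) % MOD for col in zip(*masked)]
    signed = [t - MOD if t >= MOD // 2 else t for t in total]
    sigma = noise_multiplier * c / n  # noise std on the averaged update
    return [s / SCALE / n + rng.gauss(0.0, sigma) for s in signed]

def run_round(c=1.0, noise_multiplier=0.0, seed="constructed-seed", rng_seed=0):
    """One aggregation round over the constructed clients."""
    ids = sorted(UPDATES)
    sent = [masked_update(i, UPDATES[i], ids, seed, c) for i in ids]
    return aggregate(sent, c, noise_multiplier, random.Random(rng_seed))
```

With the noise multiplier set to zero, the result equals the mean of the clipped updates even though no individual masked vector reveals its client's values.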

Keywords

Federated learning; DNS security; malicious domain detection; privacy-preserving analytics; secure aggregation; differential privacy

Cite This Article

APA Style
Mangi, S.A., Rajper, S., Shaikh, N.A., Chaudhry, S.A. (2026). Federated Learning for Malicious Domain Detection via Privacy-Preserving DNS Traffic Analysis. Computers, Materials & Continua, 87(3), 88. https://doi.org/10.32604/cmc.2026.077337
Vancouver Style
Mangi SA, Rajper S, Shaikh NA, Chaudhry SA. Federated Learning for Malicious Domain Detection via Privacy-Preserving DNS Traffic Analysis. Comput Mater Contin. 2026;87(3):88. https://doi.org/10.32604/cmc.2026.077337
IEEE Style
S. A. Mangi, S. Rajper, N. A. Shaikh, and S. A. Chaudhry, “Federated Learning for Malicious Domain Detection via Privacy-Preserving DNS Traffic Analysis,” Comput. Mater. Contin., vol. 87, no. 3, pp. 88, 2026. https://doi.org/10.32604/cmc.2026.077337



Copyright © 2026 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.