Tommy Chin scite author profile

Attackers usually use a command and control (C2) server to manipulate the communication. In order to perform an attack, threat actors often employ a domain generation algorithm (DGA), which can allow malware to communicate with C2 by generating a variety of network locations. Traditional malware control methods, such as blacklisting, are insufficient to handle DGA threats. In this paper, we propose a machine learning framework for identifying and detecting DGA domains to alleviate the threat. We collect real-time threat data from the real-life traffic over a one-year period. We also propose a deep learning model to classify a large number of DGA domains. The proposed machine learning framework consists of a two-level model and a prediction model. In the two-level model, we first classify the DGA domains apart from normal domains and then use the clustering method to identify the algorithms that generate those DGA domains. In the prediction model, a time-series model is constructed to predict incoming domain features based on the hidden Markov model (HMM). Furthermore, we build a deep neural network (DNN) model to enhance the proposed machine learning framework by handling the huge dataset we gradually collected. Our extensive experimental results demonstrate the accuracy of the proposed framework and the DNN model. To be precise, we achieve an accuracy of 95.89% for the classification in the framework and 97.79% in the DNN model, 92.45% for the second-level clustering, and 95.21% for the HMM prediction in the framework. INDEX TERMS Malware, domain generation algorithm, machine learning, security, networking.

show abstract

An SDN-supported collaborative approach for DDoS flooding detection and containment

Chin

Mountrouidou

et al. 2015

View full text Add to dashboard Cite

Phishlimiter: A Phishing Detection and Mitigation Approach Using Software-Defined Networking

Chin

Xiong

2018

IEEE Access

View full text Add to dashboard Cite

Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN)

Chin

Mountrouidou

et al. 2015

View full text Add to dashboard Cite

Software-defined networking (SDN) and OpenFlow have been driving new security applications and services. However, even if some of these studies provide interesting visions of what can be achieved, they stop short of presenting realistic application scenarios and experimental results. In this paper, we discuss a novel attack detection approach that coordinates monitors distributed over a network and controllers centralized on an SDN Open Virtual Switch (OVS), selectively inspecting network packets on demand. With different scale of network views and information availability, these two elements collaboratively detect signature constituents of an attack. Therefore, this approach is able to quickly issue an alert against potential threats followed by careful verification for high accuracy, while balancing the workload on the OVS. We have applied this method for detection and mitigation of TCP SYN flood attacks on Global Environment for Network Innovations (GENI). This realistic experimentation has provided us with insightful findings helpful toward a systematic methodology of SDN-supported attack detection and containment.I.

show abstract

A Machine Learning Framework for Studying Domain Generation Algorithm (DGA)-Based Malware

Chin

Xiong

et al. 2018

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Tommy Chin

A Machine Learning Framework for Domain Generation Algorithm-Based Malware Detection

An SDN-supported collaborative approach for DDoS flooding detection and containment

Phishlimiter: A Phishing Detection and Mitigation Approach Using Software-Defined Networking

Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN)

A Machine Learning Framework for Studying Domain Generation Algorithm (DGA)-Based Malware

Contact Info

Product

Resources

About