A Novel Approach for Detecting DGA-Based Botnets in DNS Queries Using Machine Learning Techniques

Soleymani, Ali; Arabgol, Fatemeh

doi:10.1155/2021/4767388

Cited by 12 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A sample from the gathered dataset is given in figure 3. They have two fields: Scheme Technique Disadvantage [14] Machine learning Performance Issues on large datasets [25] TFIDF models are used for detection.…”

Section: Data Collectionmentioning

confidence: 99%

“…Any machine learning algorithm clearly necessitates an effective feature engineering process, and the features may also need to be changed. [25] proposed a method to extract network behaviour patterns, analyses user behaviour and records the quantity of traffic exchanged between sites. Term frequency-inverse document frequency (TFIDF) models are used to create a system for recognising behavioural patterns, and principal component analysis (PCA) is utilised to improve the speed and accuracy of diagnosis evaluation results.…”

Section: Literature Surveymentioning

confidence: 99%

See 1 more Smart Citation

A Deep learning framework for domain generation algorithm based malware detection

Abhiram

Anver

Rahiman³

2023

Preprint

View full text Add to dashboard Cite

Command and control server, also known as C2 or C&C related cyberat-tacks have sharply grown in recent years. Attackers typically use a domain generating algorithm (DGA) to generate domain names in a random fashion for their C&C servers automatically. As a result, a thorough investigation into the identification of DGA domains has been conducted. On the other side, a lot of anti-malware programmes rely on network whitelisting, hashing, or static string verification. These strategies are fundamental for usage with those risky malware attacks, which can conceal their existence and employ various techniques to evade detection. A two-level model makes up the suggested deep learning framework. First, features from the domain names are generated using a feature generator. Next, DGA domains are distinguished from other domain types, and last, the clustering phase is utilised to pinpoint the type of those DGA domains. This paper demonstrates how the suggested system can efficiently extract the attributes from the domain names, as well as group, categorise, and detect harmful domains with more precision. When compared to other models, the proposed model performs better.

show abstract

Section: Data Collectionmentioning

confidence: 99%

Section: Literature Surveymentioning

confidence: 99%

A Deep learning framework for domain generation algorithm based malware detection

Abhiram

Anver

Rahiman³

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…After the progressions, they use Graph Structure Based Detection of Anomaly (GSBDA) to detect hazardous anomalies and lastly use a KNN to identify the botnet accurately. Ali and Fatemeh [151] uses DNS queries to extract features from network traffic and then apply ML to generate a botnet detection report. Their studies included testing DT, SVM, RF and Logical regression as their ML algorithms and obtained accuracies of 98%, 96%, 99% and 93% respectively.…”

Section: Machine Learning and Network-based Detection Mechanismsmentioning

confidence: 99%

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

Stege

El-Habr

et al. 2021

Future Internet

View full text Add to dashboard Cite

Botnets, groups of malware-infected hosts controlled by malicious actors, have gained prominence in an era of pervasive computing and the Internet of Things. Botnets have shown a capacity to perform substantial damage through distributed denial-of-service attacks, information theft, spam and malware propagation. In this paper, a systematic literature review on botnets is presented to the reader in order to obtain an understanding of the incentives, evolution, detection, mitigation and current trends within the field of botnet research in pervasive computing. The literature review focuses particularly on the topic of botnet detection and the proposed solutions to mitigate the threat of botnets in system security. Botnet detection and mitigation mechanisms are categorised and briefly described to allow for an easy overview of the many proposed solutions. The paper also summarises the findings to identify current challenges and trends within research to help identify improvements for further botnet mitigation research.

show abstract

“…Periodically, they can also update their control system about their working status. The method by which the botmaster provides instructions and code updates to bots is known as a "botnet control system," also known as a "command and control server" (Soleymani & Arabgol, 2021). Botnet architectures frequently employ Domain Generation Algorithms (DGAs) to avoid detection and shutdown attempts.…”

Section: Introductionmentioning

confidence: 99%

Enhanced DGA Detection in BotNet Traffic: Leveraging N-Gram, Topic Modeling and Attention BiLSTM

2024

Preprint

View full text Add to dashboard Cite

This abstract introduces a novel approach for detecting Domain Generation Algorithm (DGA) in BotNet traffic through the integration of N-Gram analysis, Topic Modeling, and Attention-based Bidirectional Long Short-Term Memory (BiLSTM) networks. The escalating sophistication of cyber threats necessitates advanced methods to identify malicious activities, particularly those involving DGAs in BotNet communication. The proposed model begins with N-Gram analysis, capturing sequential patterns in domain names, thereby enhancing the detection of algorithmically generated domains. Topic Modeling is employed to extract latent themes within the network traffic data, providing a deeper understanding of the semantic context associated with potentially malicious domains. To harness the contextual nuances, an Attention mechanism is integrated into a BiLSTM network, allowing the model to selectively focus on critical segments of the input data. This attention-driven BiLSTM network proves effective in capturing long-range dependencies and intricate temporal dynamics inherent in BotNet communication. Experimental evaluations on diverse datasets demonstrate the efficacy of the proposed approach in outperforming existing methods, showcasing its ability to adapt to evolving adversarial strategies. The fusion of N-Gram, Topic Modeling, and Attention BiLSTM offers a comprehensive solution for DGA detection, providing a robust defense against sophisticated cyber threats in the continually evolving landscape of network security. This research contributes to advancing the field of intrusion detection and cyber threat mitigation by presenting a holistic and adaptive approach tailored to the challenges posed by modern BotNet traffic.

show abstract

A Novel Approach for Detecting DGA-Based Botnets in DNS Queries Using Machine Learning Techniques

Cited by 12 publications

References 10 publications

A Deep learning framework for domain generation algorithm based malware detection

A Deep learning framework for domain generation algorithm based malware detection

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

Enhanced DGA Detection in BotNet Traffic: Leveraging N-Gram, Topic Modeling and Attention BiLSTM

Contact Info

Product

Resources

About