Detecting Word-Based Algorithmically Generated Domains Using Semantic Analysis

Yang, Luhui; Zhai, Jiangtao; Liu, Weiwei; Ji, Xiangling; Bai, Huiwen; Liu, Guangjie; Dai, Yuewei

doi:10.3390/sym11020176

Cited by 23 publications

(15 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Schales et al [14] performed detection by extracting 17 domain name features combined with four of weighted confidence and verified the effectiveness of the algorithm in a large-scale network environment. Yang et al [15] proposed a word semantic analysis method for word-based domain names to detect malicious domain names by the correlation between words in them. e drawback of feature-based detection algorithms is that they rely on manual feature analysis capabilities, and the dimensionality of character-level features is limited.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Detecting Multielement Algorithmically Generated Domain Names Based on Adaptive Embedding Model

Yang

Liu

et al. 2021

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

With the development of detection algorithms on malicious dynamic domain names, domain generation algorithms have developed to be more stealthy. The use of multiple elements for generating domains will lead to higher detection difficulty. To effectively improve the detection accuracy of algorithmically generated domain names based on multiple elements, a domain name syntax model is proposed, which analyzes the multiple elements in domain names and their syntactic relationship, and an adaptive embedding method is proposed to achieve effective element parsing of domain names. A parallel convolutional model based on the feature selection module combined with an improved dynamic loss function based on curriculum learning is proposed, which can achieve effective detection on multielement malicious domain names. A series of experiments are designed and the proposed model is compared with five previous algorithms. The experimental results denote that the detection accuracy of the proposed model for multiple-element malicious domain names is significantly higher than that of the comparison algorithms and also has good adaptability to other types of malicious domain names.

show abstract

Section: Related Workmentioning

confidence: 99%

“…e segmentation method used in step 1 is the bidirectional maximum matching algorithm [15]. A unique parsing result T s ′ � e 1 , e 2 , .…”

Section: Adaptive Embedding Modulementioning

confidence: 99%

Detecting Multielement Algorithmically Generated Domain Names Based on Adaptive Embedding Model

Yang

Liu

et al. 2021

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…Another approach in [59], proposed a framework for identification word-based DGAs by utilizing the frequency distribution of the words and an ensemble classifier constructed from naive Bayes, extra-trees, and logistic regression. The authors reported that their method outperformed the comparable ones.…”

Section: Identifying Domain Names Generated By Dgasmentioning

confidence: 99%

Artificial Intelligence in the Cyber Domain: Offense and Defense

2020

View full text Add to dashboard Cite

Artificial intelligence techniques have grown rapidly in recent years, and their applications in practice can be seen in many fields, ranging from facial recognition to image analysis. In the cybersecurity domain, AI-based techniques can provide better cyber defense tools and help adversaries improve methods of attack. However, malicious actors are aware of the new prospects too and will probably attempt to use them for nefarious purposes. This survey paper aims at providing an overview of how artificial intelligence can be used in the context of cybersecurity in both offense and defense.

show abstract

“…Yang et al. [ 19 ] analyzed several types of features including word frequency, parts-of-speech, inter-word correlation, and inter-domain correlations by bi-directional maximum matching and then built an ensemble classifier to identify algorithmically generated domain names. Li et al.…”

Section: Related Workmentioning

confidence: 99%

Detection of Algorithmically Generated Domain Names Using the Recurrent Convolutional Neural Network with Spatial Pyramid Pooling

Liu

Zhang

Chen

et al. 2020

Entropy

View full text Add to dashboard Cite

Domain generation algorithms (DGAs) use specific parameters as random seeds to generate a large number of random domain names to prevent malicious domain name detection. This greatly increases the difficulty of detecting and defending against botnets and malware. Traditional models for detecting algorithmically generated domain names generally rely on manually extracting statistical characteristics from the domain names or network traffic and then employing classifiers to distinguish the algorithmically generated domain names. These models always require labor intensive manual feature engineering. In contrast, most state-of-the-art models based on deep neural networks are sensitive to imbalance in the sample distribution and cannot fully exploit the discriminative class features in domain names or network traffic, leading to decreased detection accuracy. To address these issues, we employ the borderline synthetic minority over-sampling algorithm (SMOTE) to improve sample balance. We also propose a recurrent convolutional neural network with spatial pyramid pooling (RCNN-SPP) to extract discriminative and distinctive class features. The recurrent convolutional neural network combines a convolutional neural network (CNN) and a bi-directional long short-term memory network (Bi-LSTM) to extract both the semantic and contextual information from domain names. We then employ the spatial pyramid pooling strategy to refine the contextual representation by capturing multi-scale contextual information from domain names. The experimental results from different domain name datasets demonstrate that our model can achieve 92.36% accuracy, an 89.55% recall rate, a 90.46% F1-score, and 95.39% AUC in identifying DGA and legitimate domain names, and it can achieve 92.45% accuracy rate, a 90.12% recall rate, a 90.86% F1-score, and 96.59% AUC in multi-classification problems. It achieves significant improvement over existing models in terms of accuracy and robustness.

show abstract

Detecting Word-Based Algorithmically Generated Domains Using Semantic Analysis

Cited by 23 publications

References 27 publications

Detecting Multielement Algorithmically Generated Domain Names Based on Adaptive Embedding Model

Detecting Multielement Algorithmically Generated Domain Names Based on Adaptive Embedding Model

Artificial Intelligence in the Cyber Domain: Offense and Defense

Detection of Algorithmically Generated Domain Names Using the Recurrent Convolutional Neural Network with Spatial Pyramid Pooling

Contact Info

Product

Resources

About