2020
DOI: 10.1109/access.2020.3013494
Inline Detection of DGA Domains Using Side Information

Abstract: Malware applications typically use a command and control (C&C) server to manage bots to perform malicious activities. Domain Generation Algorithms (DGAs) are popular methods for generating pseudo-random domain names that can be used to establish a communication between an infected bot and the C&C server. In recent years, machine learning based systems have been widely used to detect DGAs. There are several well known state-of-the-art classifiers in the literature that can detect DGA domain names in real-time a…

Cited by 18 publications (5 citation statements); references 31 publications.

Citation statements:
“…Unlike the CNN, the RF is trained directly to classify entire groups of DNS queries. To create a feature set, we studied the existing literature on ML approaches to domain name classification and DNS threat detection [1], [2], [3], [4]. After extensive feature analysis on the data from Table I, for the RF we retained the 12 features in Table II.…”
Section: Methods
confidence: 99%
“…The following subsections provide more details on the ML models in Section 3.1, on the DL models in Section 3.2, on other methods in Section 3.3, and on the datasets used in the reviewed studies in Section 3.4.
[37] RNN Alexa/DGArchive (63 DGAs), Bambenek (11 DGAs)
Koh and Rhodes [38] LSTM OpenDNS/Bader, Abakumov
Tran et al [39] LSTM.MI Alexa/Bambenek (37 DGAs)
Vinayakumar et al [40] LSTM, GRU, IRNN, RNN, CNN, hybrid (CNN-LSTM) Alexa, OpenDNS/Bambenek, Bader (17 DGAs)
Xu et al [41] CNN-based Alexa/DGArchive (16 DGAs)
Yu et al [42] LSTM, BiLSTM, stacked CNN, parallel CNN, hybrid (CNN-LSTM) Alexa/Bambenek
Akarsh et al [43] LSTM OpenDNS, Alexa/20 public DGAs
Qiao et al [44] LSTM Alexa/Bambenek
Liu et al [45] Hybrid (BiLSTM-CNN) Alexa/Netlab (50 DGAs), Bambenek (30 DGAs)
Ren et al [46] CNN, LSTM, CNN-BiLSTM, ATT-CNN-BiLSTM, SVM Alexa/Bambenek, Netlab (19 DGAs)
Sivaguru et al [31] hybrid (RF-LSTM.MI) Alexa, private/DGArchive
Vij et al [47] LSTM Alexa/11 DGAs
Cucchiarelli et al [34] BiLSTM, LSTM.MI, hybrid (CNN-BiLSTM) Alexa/Netlab (25 DGAs)
Highnam et al [48] hybrid (CNN-LSTM-ANN) Alexa/DGArchive (3 DGAs)
Namgung et al [49] CNN, LSTM, BiLSTM, hybrid (CNN-BiLSTM) Alexa/Bambenek
Yilmaz et al [50] LSTM Majestic/DGArchive (68 DGAs)
[53] 2020 Alexa/various
Yan et al [54] 2020 Passive DNS data/public blacklists
Yin et al [55] 2020 Alexa/Bader (19 DGAs)…”
Section: Literature Review
confidence: 99%
“…Of the 22 ML-based studies in our literature review, five studies used a combination of context-free and context-aware features [18,19,28,30,31], and two studies used context-aware features only [14,20], as indicated in Table 1.…”
Section: Context-aware Features
confidence: 99%
“…A large number of pseudo-random domain names (hundreds to tens of thousands per day) could be generated through DGAs, which makes network defenses difficult [2][3]. So detection of DGA domain names has become an important research topic in network security.…”
Section: Introduction
confidence: 99%