MaldomDetector: A system for detecting algorithmically generated domain names with machine learning. Issue 93 (June 2020)
- Record Type:
- Journal Article
- Title:
- MaldomDetector: A system for detecting algorithmically generated domain names with machine learning. Issue 93 (June 2020)
- Main Title:
- MaldomDetector: A system for detecting algorithmically generated domain names with machine learning
- Authors:
- Almashhadani, Ahmad O.
Kaiiali, Mustafa
Carlin, Domhnall
Sezer, Sakir
- Abstract:
- One of the leading problems in cyber security at present is the unceasing emergence of sophisticated attacks, such as botnets and ransomware, that rely heavily on Command and Control (C&C) channels to conduct their malicious activities remotely. To avoid channel detection, attackers constantly try to create different covert communication techniques. One such technique is Domain Generation Algorithm (DGA), which allows malware to generate numerous domain names until it finds its corresponding C&C server. It is highly resilient to detection systems and reverse engineering, while allowing the C&C server to have several redundant domain names. This paper presents a malicious domain name detection system, MaldomDetector, which is based on machine learning. It is capable of detecting DGA-based communications and circumventing the attack before it makes any successful connection with the C&C server, using only domain name's characters. MaldomDetector uses a set of easy-to-compute and language-independent features in addition to a deterministic algorithm to detect malicious domains. The experimental results demonstrate that MaldomDetector can operate efficiently as a first alarm to detect DGA-based domains of malware families while maintaining high detection accuracy.
- Is Part Of:
- Computers & security. Issue 93(2020)
- Journal:
- Computers & security
- Issue:
- Issue 93(2020)
- Issue Display:
- Volume 93, Issue 93 (2020)
- Year:
- 2020
- Volume:
- 93
- Issue:
- 93
- Issue Sort Value:
- 2020-0093-0093-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-06
- Subjects:
- Network security -- Intrusion detection -- Machine learning -- Command and control -- Domain Generation Algorithm (DGA) -- DNS -- Domain name
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2020.101787
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 13556.xml