Book Chapter, DOI: 10.1007/978-3-030-01701-9_24
A Machine Learning Framework for Studying Domain Generation Algorithm (DGA)-Based Malware
Tommy Chin, Kaiqi Xiong, Chengbin Hu, Yi Li, +3 more
- 08 Aug 2018
- pp 433-448
TL;DR: A machine learning framework for identifying and clustering domain names to circumvent threats from a DGA is proposed and achieves accuracies of 95.14% and 92.45% for the first-level classification and second-level clustering, respectively.
Abstract: Malware or threat actors use a Command and Control (C2) environment to proliferate and manage an attack. In a sophisticated attack, a threat actor often employs a Domain Generation Algorithm (DGA) to cycle the network location at which malware communicates with C2. Network security controls such as blacklisting, implementing a DNS sinkhole, or inserting a firewall rule are vital assets to an organization's security posture. However, all of them are typically ineffective against a DGA. In this paper, we propose a machine learning framework for identifying and clustering domain names to circumvent threats from a DGA. We collect a real-time threat intelligence feed over a six-month period in which all domains were active threats on the public Internet at the time of collection. We then apply the proposed machine learning framework to study DGA-based malware. The proposed framework contains a two-level model consisting of classification and clustering, which is used to first detect DGA domains and then identify the DGA that generated them. Our extensive experimental results demonstrate the accuracy of the proposed framework. To be precise, we achieve accuracies of 95.14% for the first-level classification and 92.45% for the second-level clustering, respectively.
Citations
Intelligent Dynamic Malware Detection using Machine Learning in IP Reputation for Forensics Data Analytics
Nighat Usman, Saeeda Usman, Fazlullah Khan, Mian Ahmad Jan, Ahthasham Sajid, Mamoun Alazab, Paul A. Watters, +6 more
TL;DR: A novel hybrid approach based on Dynamic Malware Analysis, Cyber Threat Intelligence, Machine Learning (ML), and Data Forensics is proposed which is able to reduce the security issues which were neglected by existing outdated reputation engines.
A Machine Learning Framework for Domain Generation Algorithm-Based Malware Detection
TL;DR: This paper collects real-time threat data from the real-life traffic over a one-year period and builds a deep neural network model to enhance the proposed machine learning framework by handling the huge dataset it gradually collected.
Phishlimiter: A Phishing Detection and Mitigation Approach Using Software-Defined Networking
TL;DR: This paper proposes a new technique for deep packet inspection (DPI) and then leverages it with software-defined networking (SDN) to identify phishing activities in e-mail and web-based communication, and shows that PhishLimiter provides an effective and efficient solution to deter malicious activities.
Deep Learning Approach to DGA Classification for Effective Cyber Security
Karunakaran P
- 06 Jan 2021
TL;DR: This research focuses on analyzing botnet traffic as bots resolve domain names to the IP address of the server, and the proposed algorithm is used to detect DGAs, which generate malicious domains randomly.
References
Beyond blacklists: learning to detect malicious web sites from suspicious URLs
Justin Ma, Lawrence K. Saul, Stefan Savage, Geoffrey M. Voelker, +3 more
- 28 Jun 2009
TL;DR: This paper describes an approach to this problem based on automated URL classification, using statistical methods to discover the tell-tale lexical and host-based properties of malicious Web site URLs.
Learning and Classification of Malware Behavior
Konrad Rieck, Thorsten Holz, Carsten Willems, Patrick Düssel, Pavel Laskov, +4 more
- 10 Jul 2008
TL;DR: The effectiveness of the proposed method for learning and discrimination of malware behavior is demonstrated, especially in detecting novel instances of malware families previously not recognized by commercial anti-virus software.
GENI: A federated testbed for innovative network experiments
Mark Berman, Jeffrey S. Chase, Lawrence H. Landweber, Akihiro Nakao, Maximilian Ott, Dipankar Raychaudhuri, Robert Ricci, Ivan Seskar, +7 more
TL;DR: The concurrent deployment of these technologies on regional and national R&E backbones will result in a revolutionary new national-scale distributed architecture, bringing to the entire network the shared, deeply programmable environment that the cloud has brought to the datacenter.
Proceedings Article
From throw-away traffic to bots: detecting the rise of DGA-based malware
Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou, Saeed Abu-Nimeh, Wenke Lee, David Dagon, +6 more
- 08 Aug 2012
TL;DR: A new technique to detect randomly generated domains without reverse engineering is presented, based on the finding that most of the DGA-generated domains that a bot queries result in Non-Existent Domain (NXDomain) responses, and that bots from the same botnet (running the same DGA) generate similar NXDomain traffic.
Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm
Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst W. Biersack, Felix C. Freiling, +4 more
- 15 Apr 2008
TL;DR: In a case study, the Storm Worm botnet, the most widespread P2P botnet propagating in the wild at the time, is examined in detail, and two different ways to disrupt the communication channel between the controller and compromised machines in order to mitigate the botnet are presented.