| Popis: |
Botnets often use Domain Generating Algorithms (DGAs) to facilitate covert server communication in carrying out different types of cyber-attacks. Attackers employ these algorithms to generate millions of sites for victim machines to connect to, thus evading defense using blacklists. DGAs enables attacks to be facilitated without the fear of command and control (C&C) servers being identified and permanently blocked. Utilizing the domain fluxing technique, attackers making use of DGAs can constantly change the domains used by their C&C servers from one to another in a very short time, whenever they are blocked. Therefore, automated detection of DGA generated domains can serve as an essential countermeasure to prevent malicious botnet communication promptly. In our research, we devise a comprehensive solution to detect malicious DGA generated domains used in malware communication. Two distinct feature extraction methods, the Bigram model and the Word2Vec model, are applied for text processing in combination with machine learning and deep learning techniques on a large and very diverse dataset for DGAs that exist currently, containing 84 different traditional and dictionary-based DGA families. Our results demonstrate exceptional success in both binary classification (classifying a given domain as benign or malicious), and multiclass classification (identifying the specific DGA variation or family that produced the domain). |
