Detecting Broad Length Algorithmically Generated Domains
Author: | Nainesh Agarwal, Karim Ganame, Issa Traore, Aashna Ahluwalia |
---|---|
Year of publication: | 2017 |
Subject: | |
Source: | Lecture Notes in Computer Science ISBN: 9783319691541 ISDDC |
Description: | Domain generation algorithm (DGA) represents a safe haven for modern botnets, as it enables them to escape detection. Due to the fact that DGA domains are generated randomly, they tend to be unusually long, which can be leveraged toward detecting them. Shorter DGA domains, in contrast, are more difficult to detect, as most legitimate domains are relatively short. We introduce in this paper a new detection model that uses information theoretic features and leverages the notion of domain length threshold to detect dynamically and transparently DGA domains regardless of their lengths. Experimental evaluation of the approach using public datasets yields detection rate (DR) of 98.96% and false positive rate (FPR) of 2.1%, when using random forests classification technique. |
Database: | OpenAIRE |
External link: |