MaldomDetector: A system for detecting algorithmically generated domain names with machine learning

One of the leading problems in cyber security at present is the unceasing emergence of sophisticated attacks, such as botnets and ransomware, that rely heavily on Command and Control (C&C) channels to conduct their malicious activities remotely. To avoid channel detection, attackers constantly try to create different covert communication techniques. One such technique is the Domain Generation Algorithm (DGA), which allows malware to generate numerous domain names until it finds its corresponding C&C server. It is highly resilient to detection systems and reverse engineering, while allowing the C&C server to have several redundant domain names. This paper presents a malicious domain name detection system, MaldomDetector, which is based on machine learning. It is capable of detecting DGA-based communications and circumventing the attack before it makes any successful connection with the C&C server, using only the domain name's characters. MaldomDetector uses a set of easy-to-compute and language-independent features in addition to a deterministic algorithm to detect malicious domains. The experimental results demonstrate that MaldomDetector can operate efficiently as a first alarm to detect DGA-based domains of malware families while maintaining high detection accuracy.

Bibliographic details

Published in: Computers & Security, 2020-06, Vol. 93, Article 101787 (13 pages)
Authors: Almashhadani, Ahmad O.; Kaiiali, Mustafa; Carlin, Domhnall; Sezer, Sakir
Format: Article
Language: English
Online access: Full text (free to read)
DOI: 10.1016/j.cose.2020.101787
ISSN: 0167-4048
EISSN: 1872-6208
Subjects: Algorithms; Command and control; Cybersecurity; DNS; Domain Generation Algorithm (DGA); Domain name; Domain names; Intrusion detection; Machine learning; Malware; Network security; Ransomware; Reverse engineering; URLs
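As an added illustration of the two ideas in the abstract (a DGA that lets a bot derive candidate C&C names from a shared seed, and a first-alarm check that uses only the characters of the domain name), the Python below is example code written for this record; it is not the MaldomDetector implementation and not the paper's feature set. The toy generator, the six character features, the hand-set weights and the 0.5 threshold are all assumptions chosen for illustration, and the sample domain names are constructed.

```python
# Added example (not the MaldomDetector implementation from the paper): a toy
# seed-and-date DGA, and the kind of cheap, language-independent character
# features that a first-alarm detector can compute from the domain name alone,
# before any DNS resolution or C&C contact happens. Feature choice, thresholds
# and weights below are illustrative assumptions, not the paper's.
import hashlib
import math
from collections import Counter
from typing import Dict, List

VOWELS = frozenset("aeiou")


def toy_dga(seed: str, day: str, count: int, tld: str = "com") -> List[str]:
    """Constructed DGA for illustration: derive `count` labels from
    SHA-256(seed | day | index), where `day` is the bot's clock as an ISO
    date string such as '2020-06-01'. Every bot with the same seed and clock
    produces the same list, which is what lets the operator pre-register one
    of them; this does not reproduce any real malware family's algorithm."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}|{day}|{i}".encode()).digest()
        length = 12 + digest[0] % 8                 # label length 12..19
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.append(f"{label}.{tld}")
    return names


def second_level_label(domain: str) -> str:
    """Label left of the TLD. A public-suffix list belongs here in production
    (e.g. 'x.co.uk'); a plain split is enough for this illustration."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s: str) -> float:
    """Bits per character: random letter strings approach log2(26) ~ 4.7 as
    they grow, while dictionary words typically stay below 3."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def features(domain: str) -> Dict[str, float]:
    """Language-independent, O(len) features of the second-level label."""
    label = second_level_label(domain)
    n = len(label)
    alpha = [c for c in label if c.isalpha()]
    vowels = sum(1 for c in alpha if c in VOWELS)
    digits = sum(1 for c in label if c.isdigit())
    run = best = 0                                  # longest consonant run
    for c in label:
        if c.isalpha() and c not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    bigrams = Counter(label[i:i + 2] for i in range(n - 1))
    return {
        "length": float(n),
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowels / len(alpha) if alpha else 0.0,
        "digit_ratio": digits / n if n else 0.0,
        "max_consonant_run": float(best),
        "distinct_bigram_ratio": len(bigrams) / (n - 1) if n > 1 else 0.0,
    }


def score(domain: str) -> float:
    """Deterministic hand-weighted score in [0, 1]. In a real system these
    weights would be learned from labelled benign and DGA domains."""
    f = features(domain)
    s = 0.35 * min(1.0, max(0.0, (f["entropy"] - 2.8) / 1.2))   # 2.8..4.0 bits
    s += 0.25 * (1.0 if f["vowel_ratio"] < 0.25 else 0.0)       # consonant soup
    s += 0.20 * min(1.0, f["max_consonant_run"] / 5.0)
    s += 0.20 * min(1.0, f["digit_ratio"] * 4.0)
    return s


def is_suspicious(domain: str, threshold: float = 0.5) -> bool:
    """First-alarm decision: flag for blocking or inspection, not proof of C&C."""
    return score(domain) >= threshold


def triage(domains: List[str], threshold: float = 0.5) -> Dict[str, bool]:
    """Apply the check to a batch, e.g. names pulled from DNS query logs."""
    return {d: is_suspicious(d, threshold) for d in domains}


if __name__ == "__main__":
    # Constructed sample: two benign names plus one day of toy DGA output.
    sample = ["google.com", "wikipedia.org"] + toy_dga("demo-seed", "2020-06-01", 5)
    for d, flagged in triage(sample).items():
        print(f"{'DGA?' if flagged else 'ok  '} {score(d):.2f} {d}")
```

Running it shows the constructed benign names scoring near zero and the generated consonant-heavy labels scoring high. The practical point is that every feature is computed from the label string alone, so the check can run on each DNS query before any connection is attempted; the hand-set weights and threshold are the part that a machine-learning classifier, as in the paper, would learn from labelled data instead.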