TY - JOUR
T1 - Detection of algorithmically-generated domains
T2 - An adversarial machine learning approach
AU - Alaeiyan, Mohammadhadi
AU - Parsa, Saeed
AU - Vinod, P.
AU - Conti, Mauro
PY - 2020/7/1
Y1 - 2020/7/1
AB - Domain name detection techniques are widely used to detect Algorithmically Generated Domain names (AGD) applied by Botnets. A major difficulty with these algorithms is to detect those generated names which are meaningful. In this way, Command and Control (C2) servers are detected. Machine learning techniques have been of great use to generalize the attributes of the meaningful names, generated algorithmically. To resist such techniques, the distribution of characters is used as a basis to generate meaningful domain names. Such techniques are called adversarial attacks attempting to fool machine learning methods. However, our experiments with more than 252757 samples show that in addition to character distribution of domain names, randomness property and pronounceability attributes are of great use to detect such meaningful names. Using these additional attributes, we have been able to identify malicious domain names with an accuracy of 98.19%.
KW - Adversarial machine learning
KW - Domain generation algorithms
KW - Malware
KW - Poisoning attack
KW - Pronunciation score
UR - http://www.scopus.com/inward/record.url?scp=85087886419&partnerID=8YFLogxK
U2 - 10.1016/j.comcom.2020.04.033
DO - 10.1016/j.comcom.2020.04.033
M3 - Article
AN - SCOPUS:85087886419
SN - 0140-3664
VL - 160
SP - 661
EP - 673
JO - Computer Communications
JF - Computer Communications
ER -