MaldomDetector: A System for Detecting Algorithmically Generated Domain Names with Machine Learning

Date

2020-03-12

Advisors

Journal Title

Journal ISSN

ISSN

0167-4048

Volume Title

Publisher

Elsevier

Type

Article

Peer reviewed

Yes

Abstract

One of the leading problems in cyber security at present is the unceasing emergence of sophisticated attacks, such as botnets and ransomware, that rely heavily on Command and Control (C&C) channels to conduct their malicious activities remotely. To avoid channel detection, attackers constantly try to create different covert communication techniques. One such technique is Domain Generation Algorithm (DGA), which allows malware to generate numerous domain names until it finds its corresponding C&C server. It is highly resilient to detection systems and reverse engineering, while allowing the C&C server to have several redundant domain names. This paper presents a malicious domain name detection system, MaldomDetector, which is based on machine learning. It is capable of detecting DGA-based communications and circumventing the attack before it makes any successful connection with the C&C server, using only domain name's characters. MaldomDetector uses a set of easy-to-compute and language-independent features in addition to a deterministic algorithm to detect malicious domains. The experimental results demonstrate that MaldomDetector can operate efficiently as a first alarm to detect DGA-based domains of malware families while maintaining high detection accuracy.

Description

The file attached to this record is the author's final peer reviewed version.
open access article

Keywords

Network Security, Intrusion Detection, Machine Learning, Command and Control, Domain Generation Algorithm (DGA), DNS, Domain name

Citation

Almashhadani, A. O., Kaiiali, M., Carlin, D., Sezer, S. (2020) MaldomDetector: A System for Detecting Algorithmically Generated Domain Names with Machine Learning. Computers & Security, 93, 101787

Rights

Research Institute