Publication Type : Journal Article
Publisher : Procedia Computer Science
Source : Procedia Computer Science, Volume 171, p.1129-1136 (2020)
Url : https://www.sciencedirect.com/science/article/pii/S1877050920310991
Keywords : DGA, Ensemble learning, malware, PRNG
Campus : Coimbatore
School : School of Engineering
Department : Computer Science
Year : 2020
Abstract : Domain Generation Algorithms (DGAs) are a new kind of mediator that gives attackers an intelligent way of avoiding detection at the host level. Before DGAs existed, malware typically carried a hardcoded command and control (C&C) IP address. That hardcoded mechanism is prone to detection, which is how DGAs came into existence. Domain Generation Algorithms use the traditional cryptographic principles of pseudo-random number generators (PRNGs) to generate a list of domain names with which the malware communicates. In this paper, we constructed a list of 44 features (lexical + statistical) from domain names and used ensemble approaches such as C5.0, Random Forest, Gradient Boosting and CART to classify DGA domain names. C5.0 stands out as the best one, with an accuracy value of 0.9704.
Cite this Research Publication : M. P. Anand, Dr. Gireesh K. T., and Charan, P. V. Sai, “An Ensemble Approach For Algorithmically Generated Domain Name Detection Using Statistical And Lexical Analysis”, Procedia Computer Science, vol. 171, pp. 1129-1136, 2020.