Detection of algorithmically-generated domains

An adversarial machine learning approach

Journal article (2020)

Authors

Mohammadhadi Alaeiyan Iran University of Science and Technology

Saeed Parsa Iran University of Science and Technology

P. Vinod SCMS School of Engineering and Technology

M. Conti Università degli Studi di Padova

Affiliation

External organisation

Poisoning attack Malware Adversarial machine learning Domain generation algorithms Pronunciation score

More Info

expand_more

To reference this document use:

http://resolver.tudelft.nl/uuid:657895f9-b8bf-4d93-a2ed-89a751cb863f

Published Date

01-07-2020

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Affiliation

External organisation

Abstract

Domain name detection techniques are widely used to detect Algorithmically Generated Domain names (AGD) applied by Botnets. A major difficulty with these algorithms is to detect those generated names which are meaningful. In this way, Command and Control (C2) servers are detected. Machine learning techniques have been of great use to generalize the attributes of the meaningful names, generated algorithmically. To resist such techniques, the distribution of characters is used as a basis to generate meaningful domain names. Such techniques are called adversarial attacks attempting to fool machine learning methods. However, our experiments with more than 252757 samples show that in addition to character distribution of domain names, randomness property and pronounceability attributes are of great use to detect such meaningful names. Using these additional attributes, we have been able to identify malicious domain names with an accuracy of 98.19%.