Object

Title: Enhancing DGA Detection with Machine Learning Algorithms, Journal of Telecommunications and Information Technology, 2025, Special Issue

Group publication title:

2025, Special Issue, JTIT articles

Description:

quarterly

Abstract:

The domain generation algorithm (DGA) is a popular technique used by malware to reliably establish a connection to a command and control (C&C) server. Pseudo-random domain names generated by a DGA are used to bypass security measures and allow attackers to maintain control over malware-infected devices. In this work, we present a two-pronged approach to detecting character-based and word-based DGA domain names, creating classifiers specifically tailored to each type. For character-based DGA detection, we employed seven traditional machine learning methods: support vector machine, extremely randomized trees, logistic regression, Gaussian naive Bayes, nearest centroid, random forests, and k-nearest neighbors. We applied a featureful approach, using features extracted from the domain names themselves. Some of these features were drawn from existing literature, while others were newly proposed by the authors. Feature selection techniques were used to retain only the best-performing ones. For the more complex task of detecting word-based DGA domain names, we used CNN and LSTM models, relying solely on word embeddings derived from the domain name components. Performance evaluation shows that the proposed method yields high-performing, specialized DGA classifiers, which can be combined to create a more general-purpose classifier.

Number:

Special Issue

Publisher:

National Institute of Telecommunications

Resource Identifier:

oai:bc.itl.waw.pl:2388

DOI:

10.26636/jtit.2025.FITCE2024.2033

eISSN:

on-line: ISSN 1899-8852

Source:

Journal of Telecommunications and Information Technology

Language:

English

Rights Management:

Biblioteka Naukowa Instytutu Łączności

License:

CC BY 4.0

Last modified:

Jun 30, 2025

In our library since:

Jun 30, 2025

Number of object content hits:

33

All available object's versions:

https://ribes-54.man.poznan.pl/publication/2705
