Detection of DGA-Generated Domain Names with TF-IDF

Vranken, Harald; Alizadeh, Hassan

doi:10.3390/electronics11030414

Cited by 19 publications

(9 citation statements)

References 52 publications

(80 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The selected families of malicious domain names and the number of them are shown in Table 2. Refer to Vranken [20] For dataset D, there were 1417 phrase elements after bigram processing, 31,220 phrase elements after trigram processing, 127,469 phrase elements after 4-g processing, and 138,636 phrase elements after 5-g processing. The N-gram algorithm was used for the legitimate and malicious domain names in D. The distribution of the phrase elements of the domain names was obtained as shown in Figure 5a,b.…”

Section: Discussionmentioning

confidence: 99%

N-Trans: Parallel Detection Algorithm for DGA Domain Names

Yang

Yan

et al. 2022

Future Internet

View full text Add to dashboard Cite

Domain name generation algorithms are widely used in malware, such as botnet binaries, to generate large sequences of domain names of which some are registered by cybercriminals. Accurate detection of malicious domains can effectively defend against cyber attacks. The detection of such malicious domain names by the use of traditional machine learning algorithms has been explored by many researchers, but still is not perfect. To further improve on this, we propose a novel parallel detection model named N-Trans that is based on the N-gram algorithm with the Transformer model. First, we add flag bits to the first and last positions of the domain name for the parallel combination of the N-gram algorithm and Transformer framework to detect a domain name. The model can effectively extract the letter combination features and capture the position features of letters in the domain name. It can capture features such as the first and last letters in the domain name and the position relationship between letters. In addition, it can accurately distinguish between legitimate and malicious domain names. In the experiment, the dataset is the legal domain name of Alexa and the malicious domain name collected by the 360 Security Lab. The experimental results show that the parallel detection model based on N-gram and Transformer achieves 96.97% accuracy for DGA malicious domain name detection. It can effectively and accurately identify malicious domain names and outperforms the mainstream malicious domain name detection algorithms.

show abstract

Section: Discussionmentioning

confidence: 99%

N-Trans: Parallel Detection Algorithm for DGA Domain Names

Yang

Yan

et al. 2022

Future Internet

View full text Add to dashboard Cite

show abstract

“…An example of a domain from this family is "b83ed4877eec1997fcc39b7ae590007a.info". This example appears to be very random and obviously fits the features of a generated hash [12,13]. Arithmetic-based DGAs are the most common ones in this category, the domains are constructed by generating sequences of values that have either an ASCII representation directly or index hardcoded arrays that constitute the DGA alphabet.…”

Section: Related Workmentioning

confidence: 96%

Real time botnet detection system based on machine learning algorithms

Fang¹

2023

2022 2nd Conference on High Performance Computing and Communication Engineering (HPCCE 2022)

View full text Add to dashboard Cite

Studies towards botnet activity detection methods have become a major focus over the years since many concerns have been raised due to botnets. The detection against Domain Name System (DNS) queries, which bots widely used for their connection with the Command&Control (C&C) server, was considered the main method of botnet prevention. However, this method does not apply to Domain Generation Algorithm (DGA)-based botnets, which dynamically generate a large number of Non-existent domains, combined with fast flux. The approach of using machine learning in which the models are trained to study the characteristics of DGA domains is thought to be more effective than the methods that rely solely on a set of fixed rules. For such reasons, this paper will explore a novel method of botnet detection using machine learning. The effectiveness of this method is to be assessed in a system we designed for botnet detection, fed with truth marked dataset. The results indicate a high performance of our method with 95.3% in accuracy and a 5.4% false positive rate (FPR).

show abstract

“…TF-IDF is one of the traditional methods based on statistics [21]. It has been used in many different applications, such as document clustering [22], text classification [23], detection of domain name generation algorithms [24], and comparing research trends [25]. Term frequency or word frequency is a rarer method used in information retrieval systems compared to TF-IDF.…”

Section: Related Workmentioning

confidence: 99%

Automatic Extraction of Indonesian Stopwords

Achsan¹,

Suhartanto²,

Wibowo³

et al. 2023

IJACSA

View full text Add to dashboard Cite

The rapid growth of the Indonesian language content on the Internet has drawn researchers' attention. By using natural language processing, they can extract high-value information from such content and documents. However, processing large and numerous documents is very timeconsuming and computationally expensive. Reducing these computational costs requires attribute reduction by removing some common words or stopwords. This research aims to extract stopwords automatically from a large corpus, about seven million words, in the Indonesian language downloaded from the web. The problem is that Indonesian is a low-resource language, making it challenging to develop an automatic stopword extractor. The method used is Term Frequency -Inverse Document Frequency (TF-IDF) and presents a methodology for ranking stopwords using TFs and IDFs, which is applicable to even a small corpus (as low as one document). It is an automatic method that can be applied to many different languages with no prior linguistic knowledge required. There are two novelties or contributions in this method: it can show all words found in all documents, and it has an automatic cut-off technique for selecting the top rank of stopwords candidates in the Indonesian language, overcoming one of the most challenging aspects of stopwords extraction.

show abstract

Detection of DGA-Generated Domain Names with TF-IDF

Cited by 19 publications

References 52 publications

N-Trans: Parallel Detection Algorithm for DGA Domain Names

N-Trans: Parallel Detection Algorithm for DGA Domain Names

Real time botnet detection system based on machine learning algorithms

Automatic Extraction of Indonesian Stopwords

Contact Info

Product

Resources

About