MaldomDetector: A system for detecting algorithmically generated domain names with machine learning
- Submitting institution
- De Montfort University
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 11237
- Type
- D - Journal article
- DOI
- 10.1016/j.cose.2020.101787
- Title of journal
- Computers & Security
- Article number
- 101787
- First page
- -
- Volume
- 93
- Issue
- -
- ISSN
- 0167-4048
- Open access status
- Compliant
- Month of publication
- March
- Year of publication
- 2020
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 3
- Research group(s)
-
-
- Citation count
- 2
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- This work presents a malicious domain name detection system capable of detecting DGA-based communications before malware makes any successful connection with its C&C server. The system uniquely extracts 12 informative features depending solely on the DNS requests. Although information obtained from DNS responses can be very useful for reducing false positive rates, it adds a time delay that can be exploited by the malware. After carrying out a rigorous analysis of a large number of DGA-based domains, the system was able to achieve a high accuracy of 97.82% by depending solely on DNS requests.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -