Abstract
Network attacks using Command and Control (C&C) servers have increased significantly. To hide their C&C servers, attackers often use Domain Generation Algorithms (DGA), which automatically generate domain names for C&C servers. Researchers have constructed many unique feature sets and detected DGA domains through machine learning or deep learning models. However, because the domain name itself contains only limited features, the DGA detection results are limited. To overcome this problem, the domain name features, the Whois features and the N-gram features are extracted for DGA detection. To obtain the N-gram features, the domain name whitelist and blacklist substring feature sets are constructed. In addition, a deep learning model based on BiLSTM, Attention and CNN is constructed, and the Domain Center is constructed for fast classification of domain names. The results of multiple comparative experiments prove that the proposed model not only achieves the best Accuracy, Precision, Recall and F1, but also greatly reduces the detection time.
Funder
Guizhou Province
Liupanshui Normal University High level Talent Research Launch Fund
Liupanshui Science and Technology Bureau Fund Project
Liupanshui Normal University Major Comprehensive Reform Pilot Project
the Science and Technology Foundation of Guizhou Province
the Youth Science and Technology Talent Growth Project of Department of Education in Guizhou Province
Publisher
Public Library of Science (PLoS)
Cited by
3 articles.
1. Using DNS Patterns for Automated Cyber Threat Attribution;Proceedings of the 19th International Conference on Availability, Reliability and Security;2024-07-30
2. Detecting Domain Names Generated by DGAs With Low False Positives in Chinese Domain Names;IEEE Access;2024
3. A DGA Domain Name Detection Method Based on Two-Stage Feature Reinforcement;2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom);2023-11-01