Friday, January 15, 2021

DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN

Author :  Enoch Agyepong

Affiliation :  Cyber Operations Team, Airbus, Corsham

Country :  UK

Category :  Computer Science & Information Technology

Volume, Issue, Month, Year :  8, 8, May, 2018

Abstract :

In recent years, many malware writers have relied on Dynamic Domain Name Services (DDNS) to maintain their Command and Control (C&C) network infrastructure to ensure a persistence presence on a compromised host. Amongst the various DDNS techniques, Domain Generation Algorithm (DGA) is often perceived as the most difficult to detect using traditional methods. This paper presents an approach for detecting DGA using frequency analysis of the character distribution and the weighted scores of the domain names. The approach’s feasibility is demonstrated using a range of legitimate domains and a number of malicious algorithmicallygenerated domain names. Findings from this study show that domain names made up of English characters “a-z” achieving a weighted score of < 45 are often associated with DGA. When a weighted score of < 45 is applied to the Alexa on million list of domain names, only 15% of the domain names were treated as non-human generated.

Keyword :  Domain Generated Algorithm, malicious domain names, Domain Name Frequency Analysis & malicious DNS

For More Detailshttps://airccj.org/CSCP/vol8/csit88802.pdf

No comments:

Post a Comment