Abstract
Domain generation algorithms (DGAs) represent a safe haven for modern botnets, as they enable them to escape detection. Because DGA domains are generated randomly, they tend to be unusually long, which can be leveraged to detect them. Shorter DGA domains, in contrast, are more difficult to detect, as most legitimate domains are relatively short. In this paper we introduce a new detection model that uses information-theoretic features and leverages the notion of a domain length threshold to detect DGA domains dynamically and transparently regardless of their length. Experimental evaluation of the approach on public datasets yields a detection rate (DR) of 98.96% and a false positive rate (FPR) of 2.1% when using the random forests classification technique.
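The abstract's point is that a single randomness cutoff works for long DGA labels but misses short ones, and that a length threshold lets a detector switch how it judges a domain. The following Python is an added illustration, not code from the paper or its authors: it computes two information-theoretic features (character Shannon entropy and entropy normalized by the maximum achievable for the label's length) and contrasts a flat entropy cutoff with a length-aware rule. The threshold values, the 37-symbol label alphabet, the single-label TLD assumption in `second_level_label`, and the sample domains are all assumptions constructed for this example; the paper's actual model is a random forests classifier over its own feature set and is not reproduced here.

```python
import math
from collections import Counter

# Alphabet assumption: 26 letters + 10 digits + hyphen, the characters
# allowed in a DNS hostname label.
LABEL_ALPHABET_SIZE = 37


def second_level_label(domain: str) -> str:
    """Return the label left of the TLD, e.g. 'example' for 'www.example.com'.

    Assumption: single-label public suffixes such as '.com'; a multi-part
    suffix like '.co.uk' would need a public-suffix list to handle correctly.
    """
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(label: str) -> float:
    """Character-level Shannon entropy of the label, in bits per character."""
    n = len(label)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(label).values())


def normalized_entropy(label: str) -> float:
    """Entropy divided by the maximum achievable for this label length.

    A label of length n has at most log2(min(n, alphabet)) bits per character,
    so the ratio lies in [0, 1] and is comparable across different lengths.
    """
    n = len(label)
    if n <= 1:
        return 0.0
    return shannon_entropy(label) / math.log2(min(n, LABEL_ALPHABET_SIZE))


def extract_features(domain: str) -> dict:
    """Length plus the two entropy features for the registrable label."""
    label = second_level_label(domain)
    return {
        "label": label,
        "length": len(label),
        "entropy": shannon_entropy(label),
        "norm_entropy": normalized_entropy(label),
    }


# Illustrative thresholds (assumptions, not values learned in the paper).
FLAT_ENTROPY_THRESHOLD = 3.6       # one cutoff applied to every domain
LENGTH_THRESHOLD = 12              # splits "short" and "long" labels
SHORT_NORM_ENTROPY_THRESHOLD = 0.95
SHORT_MIN_LENGTH = 8               # very short labels carry too little signal


def flat_rule(domain: str) -> bool:
    """Naive detector: a single entropy cutoff regardless of label length."""
    return shannon_entropy(second_level_label(domain)) >= FLAT_ENTROPY_THRESHOLD


def length_aware_rule(domain: str) -> bool:
    """Detector that switches feature and cutoff at the length threshold.

    Long labels are judged on raw entropy. Short labels cannot reach that many
    bits per character even when fully random, so they are judged on
    normalized entropy instead.
    """
    f = extract_features(domain)
    if f["length"] >= LENGTH_THRESHOLD:
        return f["entropy"] >= FLAT_ENTROPY_THRESHOLD
    return (f["length"] >= SHORT_MIN_LENGTH
            and f["norm_entropy"] >= SHORT_NORM_ENTROPY_THRESHOLD)


# Constructed sample input: the random-looking labels are made up for this
# example and are not real indicators or entries from the paper's datasets.
SAMPLE_DOMAINS = [
    "google.com",
    "wikipedia.org",
    "helpnetsecurity.com",
    "xk3jq9zv7b.com",        # constructed short random-looking label
    "qwpxmvzjkdfhtrn.net",   # constructed long random-looking label
]

if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        f = extract_features(d)
        print(f"{d:24} len={f['length']:2d} H={f['entropy']:.2f} "
              f"Hn={f['norm_entropy']:.2f} flat={flat_rule(d)} "
              f"length_aware={length_aware_rule(d)}")
```

Running the block shows the gap the abstract describes: the long random label exceeds the flat cutoff, but the ten-character random label has only about 3.32 bits per character and slips under it, while its normalized entropy of 1.0 lets the length-aware rule flag it without also flagging the legitimate short labels.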
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Ahluwalia, A., Traore, I., Ganame, K., Agarwal, N. (2017). Detecting Broad Length Algorithmically Generated Domains. In: Traore, I., Woungang, I., Awad, A. (eds) Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments. ISDDC 2017. Lecture Notes in Computer Science, vol 10618. Springer, Cham. https://doi.org/10.1007/978-3-319-69155-8_2
DOI: https://doi.org/10.1007/978-3-319-69155-8_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69154-1
Online ISBN: 978-3-319-69155-8
eBook Packages: Computer Science (R0)