Enoch Agyepong
Detection of Algorithmically Generated Malicious Domain
Agyepong, Enoch; Buchanan, William; Jones, Kevin
Abstract
In recent years, many malware writers have relied on Dynamic Domain Name Services (DDNS) to maintain their Command and Control (C&C) network infrastructure and so keep a persistent presence on a compromised host. Amongst the various DDNS techniques, the Domain Generation Algorithm (DGA) is often perceived as the most difficult to detect using traditional methods. This paper presents an approach for detecting DGA domains using frequency analysis of the character distribution and a weighted score of the domain name. The approach's feasibility is demonstrated on a range of legitimate domains and a number of malicious, algorithmically generated domain names. Findings from this study show that domain names made up only of the English characters a-z that achieve a weighted score of < 45 are often associated with DGA. When the weighted-score threshold of < 45 is applied to the Alexa one million list of domain names, only 15% of the domain names are treated as non-human generated.
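The abstract states the method only in outline: weight each letter of the name by how common it is, average the weights into a score, and treat a-z names that score below a cut-off as algorithmically generated. The block below is an added example written for this page, not code from the paper or its authors. The letter-weight table is an assumption taken from ordinary English letter frequencies (the paper's own table is not on this page), the label extraction is a deliberate simplification without a public-suffix list, and the cut-off of 30 is a placeholder on this example's own 0..100 scale; the paper's reported "< 45" rule applies to the paper's weighting, not to this one. The sample domains are constructed.

```python
"""Illustrative weighted-letter scorer for triaging possible DGA domains.

Editor's added example; it is not the scoring used in the paper.
"""
from __future__ import annotations

from collections import Counter

# ASSUMPTION: letter weights are relative frequencies (%) of letters in
# English text, so common letters ('e', 't', 'a') weigh more than rare
# ones ('q', 'x', 'z'). The paper's own weight table is not on this page.
ENGLISH_FREQ = {
    "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7, "s": 6.3,
    "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "c": 2.8, "u": 2.8, "m": 2.4,
    "w": 2.4, "f": 2.2, "g": 2.0, "y": 2.0, "p": 1.9, "b": 1.5, "v": 1.0,
    "k": 0.8, "j": 0.15, "x": 0.15, "q": 0.10, "z": 0.07,
}
MAX_WEIGHT = max(ENGLISH_FREQ.values())  # scales scores onto 0..100

# ASSUMPTION: placeholder cut-off on this example's 0..100 scale. The
# paper's reported "< 45" rule belongs to its own weighting, not this one.
THRESHOLD = 30.0


def sld_label(fqdn: str) -> str:
    """Label directly left of the last dot, e.g. 'google' for 'www.google.com'.

    Simplification: no public-suffix list, so 'bbc.co.uk' yields 'co'.
    """
    parts = fqdn.strip().lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def char_distribution(label: str) -> dict[str, float]:
    """Per-letter share of the label: the frequency-analysis view of the name."""
    counts = Counter(label)
    return {ch: n / len(label) for ch, n in sorted(counts.items())}


def weighted_score(fqdn: str) -> float | None:
    """Mean letter weight of the registrable label, scaled to 0..100.

    Returns None when the label is not purely a-z (digits, hyphens, IDN),
    since the abstract states its rule only for a-z names.
    """
    label = sld_label(fqdn)
    if not label or not label.isascii() or not label.isalpha():
        return None
    mean_weight = sum(ENGLISH_FREQ[ch] for ch in label) / len(label)
    return 100.0 * mean_weight / MAX_WEIGHT


def classify(fqdn: str, threshold: float = THRESHOLD) -> str:
    """'dga-like' below the threshold, 'human-like' at or above it."""
    score = weighted_score(fqdn)
    if score is None:
        return "out-of-scope"
    return "dga-like" if score < threshold else "human-like"


def flagged_fraction(fqdns: list[str], threshold: float = THRESHOLD) -> float:
    """Share of in-scope names flagged dga-like: the kind of measurement the
    abstract reports against the Alexa one-million list (15% at its cut-off)."""
    verdicts = [classify(d, threshold) for d in fqdns]
    in_scope = [v for v in verdicts if v != "out-of-scope"]
    if not in_scope:
        return 0.0
    return in_scope.count("dga-like") / len(in_scope)


# Constructed sample input (not from the paper's dataset).
SAMPLE = ["www.google.com", "wikipedia.org", "xjqzkvwpb.net", "abc123.com"]

if __name__ == "__main__":
    for d in SAMPLE:
        s = weighted_score(d)
        shown = "n/a" if s is None else f"{s:5.1f}"
        print(f"{d:18} score={shown} {classify(d)}")
    print(f"flagged fraction: {flagged_fraction(SAMPLE):.2f}")
```

With these weights, "google" scores about 47 and "wikipedia" about 45, while the constructed "xjqzkvwpb" scores about 7, so the rare-letter name is the only one flagged. The caveat a practitioner should keep in mind is the failure mode of any pure letter-weight score: a generator that draws letters according to English frequency, or assembles names from a word list, scores as high as a human-registered name (a constructed "etaoinshr" would score about 61 here) and slips under the threshold test. The 15% of the Alexa list that the abstract reports as flagged is the other side of the same trade-off, so the score is best used as one triage signal alongside other DNS evidence rather than as a verdict on its own.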
| Field | Value |
|---|---|
| Presentation Conference Type | Conference Paper (Published) |
| Conference Name | Computer Science & Information Technology |
| Start Date | May 26, 2018 |
| End Date | May 27, 2018 |
| Acceptance Date | Mar 1, 2018 |
| Online Publication Date | Jul 2, 2018 |
| Publication Date | May 26, 2018 |
| Deposit Date | Jul 2, 2018 |
| Pages | 13-32 |
| Series ISSN | 2231-5403 |
| Book Title | CS & IT-CSCP 2018 |
| Chapter Number | 1 |
| ISBN | 9781921987861 |
| DOI | https://doi.org/10.5121/csit.2018.80802 |
| Keywords | Domain Generated Algorithm; malicious domain names; Domain Name Frequency Analysis & malicious DNS |
| Public URL | http://researchrepository.napier.ac.uk/Output/1239349 |
| Publisher URL | http://acsit2018.org |