Cargando…
Domain generation algorithms detection with feature extraction and Domain Center construction
Network attacks using Command and Control (C&C) servers have increased significantly. To hide their C&C servers, attackers often use Domain Generation Algorithms (DGA), which automatically generate domain names for C&C servers. Researchers have constructed many unique feature sets and de...
| Autores principales: | , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Public Library of Science
2023
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9882890/ https://www.ncbi.nlm.nih.gov/pubmed/36706089 http://dx.doi.org/10.1371/journal.pone.0279866 |
| _version_ | 1784879390834819072 |
|---|---|
| author | Sun, Xinjie Liu, Zhifang |
| author_facet | Sun, Xinjie Liu, Zhifang |
| author_sort | Sun, Xinjie |
| collection | PubMed |
| description | Network attacks using Command and Control (C&C) servers have increased significantly. To hide their C&C servers, attackers often use Domain Generation Algorithms (DGA), which automatically generate domain names for C&C servers. Researchers have constructed many unique feature sets and detected DGA domains through machine learning or deep learning models. However, due to the limited features contained in the domain name, the DGA detection results are limited. In order to overcome this problem, the domain name features, the Whois features and the N-gram features are extracted for DGA detection. To obtain the N-gram features, the domain name whitelist and blacklist substring feature sets are constructed. In addition, a deep learning model based on BiLSTM, Attention and CNN is constructed. Additionally, the Domain Center is constructed for fast classification of domain names. Multiple comparative experiment results prove that the proposed model not only gets the best Accuracy, Precision, Recall and F1, but also greatly reduces the detection time. |
| format | Online Article Text |
| id | pubmed-9882890 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2023 |
| publisher | Public Library of Science |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-98828902023-01-28 Domain generation algorithms detection with feature extraction and Domain Center construction Sun, Xinjie Liu, Zhifang PLoS One Research Article Network attacks using Command and Control (C&C) servers have increased significantly. To hide their C&C servers, attackers often use Domain Generation Algorithms (DGA), which automatically generate domain names for C&C servers. Researchers have constructed many unique feature sets and detected DGA domains through machine learning or deep learning models. However, due to the limited features contained in the domain name, the DGA detection results are limited. In order to overcome this problem, the domain name features, the Whois features and the N-gram features are extracted for DGA detection. To obtain the N-gram features, the domain name whitelist and blacklist substring feature sets are constructed. In addition, a deep learning model based on BiLSTM, Attention and CNN is constructed. Additionally, the Domain Center is constructed for fast classification of domain names. Multiple comparative experiment results prove that the proposed model not only gets the best Accuracy, Precision, Recall and F1, but also greatly reduces the detection time. Public Library of Science 2023-01-27 /pmc/articles/PMC9882890/ /pubmed/36706089 http://dx.doi.org/10.1371/journal.pone.0279866 Text en © 2023 Sun, Liu https://creativecommons.org/licenses/by/4.0/This is an open access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. |
| spellingShingle | Research Article Sun, Xinjie Liu, Zhifang Domain generation algorithms detection with feature extraction and Domain Center construction |
| title | Domain generation algorithms detection with feature extraction and Domain Center construction |
| title_full | Domain generation algorithms detection with feature extraction and Domain Center construction |
| title_fullStr | Domain generation algorithms detection with feature extraction and Domain Center construction |
| title_full_unstemmed | Domain generation algorithms detection with feature extraction and Domain Center construction |
| title_short | Domain generation algorithms detection with feature extraction and Domain Center construction |
| title_sort | domain generation algorithms detection with feature extraction and domain center construction |
| topic | Research Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9882890/ https://www.ncbi.nlm.nih.gov/pubmed/36706089 http://dx.doi.org/10.1371/journal.pone.0279866 |
| work_keys_str_mv | AT sunxinjie domaingenerationalgorithmsdetectionwithfeatureextractionanddomaincenterconstruction AT liuzhifang domaingenerationalgorithmsdetectionwithfeatureextractionanddomaincenterconstruction |