Which DGA Family does A Malicious Domain Name Belong To
Authors: Yunyi Zhang, Yuelong Wu, Shuyuan Jin
Venue: 2020 IEEE Fifth International Conference on Data Science in Cyberspace (DSC)
DOI: 10.1109/DSC50466.2020.00016 (https://doi.org/10.1109/DSC50466.2020.00016)
Publication date: 2020-07-01
Record source: Semanticscholar
Citations: 1
Abstract
A Domain Generation Algorithm (DGA) is a technique that generates a large number of domain names in a short time; attackers commonly build it into malware to circumvent security mechanisms such as domain blacklists. Beyond discovering DGA domains, identifying the DGA family is also significant for detecting and analyzing malware, because it gives security professionals a more comprehensive analytical perspective. In this paper, we investigate 22 different DGA families and propose an effective approach to portray and classify them, which uses strong host association and family portraits to distinguish DGA families among massive numbers of DGA domains. The approach mitigates the difficulty caused by the nearly 100-fold difference in data volume among families and thereby achieves DGA family clustering. The experimental results show that the proposed approach accurately identifies all of the DGA families in a network containing six families.