A Detection Scheme for DGA Domain Names Based on SVM
- DOI
- 10.2991/mmsa-18.2018.58
- Keywords
- DNS; domain name; DGA; SVM; decision-tree
- Abstract
Most network security configurations allow DNS data to pass through. Crackers therefore often embed malware commands in DNS data to avoid security detection by Internet facilities. In particular, some malware, such as botnets, generates a large number of spare domain names using a Domain Generation Algorithm (DGA) and chooses some of them as masks for the malware's commands. How to filter DGA domain names out from normal domain names has become a hot topic in the literature. Many papers have tried to solve this problem. However, a comprehensive analysis of the character features of domain names is absent. In this paper, we studied the character features of DGA domain names and extracted five attributes for the Support Vector Machine (SVM) model. Model training and cross-validation showed that the detection accuracy, precision, and recall rate were greater than 91%, 88%, and 87%, respectively. Experiments also showed that, compared with the decision-tree method, the SVM-based detection algorithm obtained higher accuracy, precision, and recall rate.
- Copyright
- © 2018, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY  - CONF
AU  - Zhen Wang
AU  - Zhongtian Jia
AU  - Bo Zhang
PY  - 2018/03
DA  - 2018/03
TI  - A Detection Scheme for DGA Domain Names Based on SVM
BT  - Proceedings of the 2018 International Conference on Mathematics, Modelling, Simulation and Algorithms (MMSA 2018)
PB  - Atlantis Press
SP  - 257
EP  - 263
SN  - 1951-6851
UR  - https://doi.org/10.2991/mmsa-18.2018.58
DO  - 10.2991/mmsa-18.2018.58
ID  - Wang2018/03
ER  -