Enhancing DGA Detection with Machine Learning Algorithms, Journal of Telecommunications and Information Technology, 2025, Special Issue

Biros, Hubert; Kantor, Mirosław

- ris
- BibTeX

Enhancing DGA Detection with Machine Learning Algorithms, Journal of Telecommunications and Information Technology, 2025, Special Issue Biros, Hubert; Kantor, Mirosław

Struktura obiektu

Enhancing DGA Detection with Machine Learning Algorithms, Journal of Telecommunications and Information Technology, 2025, Special Issue

2025, Special Issue, JTIT-artykuły

Biros, Hubert ; Kantor, Mirosław

character-based DGA ; cybersecurity ; DGA detection ; DNS ; machine learning-based DGA detection ; malware analysis ; word-based DGA

kwartalnik

The domain generation algorithm (DGA) is a popular technique used by malware to reliably establish a connection to a command and control (C&C) server. Pseudo-random domain names generated by DGA are used to bypass security measures and allow attackers to maintain control over malware-infected devices. In this work, we present a two-pronged approach to detecting character-based and word-based DGA domain names, creating classifiers specifically tailored to each type. For character-based DGA detection, we employed seven traditional machine learning methods: support vector machine, extremely randomized trees, logistic regression, Gaussian naive Bayes, nearest centroid, random forests, and k-nearest neighbors. We applied a featureful approach, using features extracted from the domain names themselves. Some of these features were drawn from existing literature, while others were newly proposed by authors. Feature selection techniques were used to retain only the best-performing ones. For the more complex task of detecting word-based DGA domain names, we used CNN and LSTM models, relying solely on word embeddings derived from the domain name components. Performance evaluation shows that proposed method gives high-performing, specialized DGA classifiers, which can be combined to create a more general-purpose classifier.

Special Issue

National Institute of Telecommunications

2025, Special Issue

artykuł

10.26636/jtit.2025.FITCE2024.2033

on-line: ISSN 1899-8852

Journal of Telecommunications and Information Technology

ang

Biblioteka Naukowa Instytutu Łączności

CC BY 4.0

Cytowanie