Name
Abstract | ||
|---|---|---|
Modern malware families often rely on domain-generation algorithms (DGAs) to determine rendezvous points to their command-and-control server. Traditional defence strategies (such as blacklisting domains or IP addresses) are inadequate against such techniques due to the large and continuously changing list of domains produced by these algorithms. This paper demonstrates that a machine learning approach based on recurrent neural networks is able to detect domain names generated by DGAs with high precision. The neural models are estimated on a large training set of domains generated by various malwares. Experimental results show that this data-driven approach can detect malware-generated domain names with a F_1 score of 0.971. To put it differently, the model can automatically detect 93 % of malware-generated domain names for a false positive rate of 1:100. |
Year | Venue | Field |
|---|---|---|
2017 | arXiv: Cryptography and Security | Training set,False positive rate,Computer science,Recurrent neural network,Theoretical computer science,Blacklisting,Rendezvous,Artificial intelligence,Malware,Machine learning |
DocType | Volume | Citations |
Journal | abs/1709.07102 | 1 |
PageRank | References | Authors |
0.35 | 0 | 2 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Pierre Lison | 1 | 146 | 12.35 |
| Vasileios Mavroeidis | 2 | 1 | 1.70 |