Naslov
Applied machine learning in recognition of DGA domain names

Autori
Stampar, Miroslav ; Fertalj, Kresimir

Izvornik
Computer Science and Information Systems (1820-0214) 19 (2022), 1; 205-227

Vrsta, podvrsta i kategorija rada
Radovi u časopisima, članak, znanstveni

Ključne riječi
domain generation algorithm, binary classification, supervised machine learning, deep learning, blind evaluation

Sažetak
Recognition of domain names generated by domain generation algorithms (DGAs) is the essential part of malware detection by inspection of network traffic. Besides basic heuristics (HE) and limited detection based on blacklists, the most promising course seems to be machine learning (ML). There is a lack of studies that extensively compare different ML models in the field of DGA binary classification, including both conventional and deep learning (DL) representatives. Also, those few that exist are either focused on a small set of models, use a poor set of features in ML models or fail to secure unbiased independence between training and evaluation samples. To overcome these limitations, we engineered a robust feature set, and accordingly trained and evaluated 14 ML, 9 DL, and 2 comparative models on two independent datasets. Results show that if ML features are properly engineered, there is a marginal difference in overall score between top ML and DL representatives. This paper represents the first attempt to neutrally compare the performance of many different models for the recognition of DGA domain names, where the best models perform as well as the top representatives from the literature.

Izvorni jezik
Engleski

Znanstvena područja
Računarstvo

POVEZANOST RADA