
This is an early access version, the complete PDF, HTML, and XML versions will be available soon.

Open Access Article

Effective DGA-Domain Detection and Classification with TextCNN and Additional Features

1 Department of Information Security, Hoseo University, Asan 31499, Korea
2 Department of Cyber Security Engineering, Konyang University, Nonsan 32992, Korea
* Author to whom correspondence should be addressed.
Electronics 2020, 9(7), 1070; https://doi.org/10.3390/electronics9071070
Received: 8 June 2020 / Revised: 25 June 2020 / Accepted: 29 June 2020 / Published: 30 June 2020
(This article belongs to the Special Issue New Challenges on Cyber Threat Intelligence)
Malicious code, such as that used in advanced persistent threat (APT) attacks, does not operate immediately after infecting a system, but only after receiving commands from the attacker's command and control (C&C) server. The infected system tries to communicate with the C&C server through the server's IP address or domain address. If the IP address or domain address is hard-coded inside the malicious code, analysts can analyze the code to obtain the address and block access to the C&C server through security policy. To circumvent this address blocking technique, domain generation algorithms are included in the malware to generate domain addresses dynamically. A domain generation algorithm (DGA) generates domains randomly, so it is very difficult to identify and block malicious domains. Therefore, this paper proposes a model that effectively detects and classifies unknown DGA domains. We extract features that are effective for TextCNN-based label prediction, and add domain knowledge-based features to improve our model for detecting and classifying DGA-generated malicious domains. The proposed model achieved 99.19% accuracy for DGA classification and 88.77% accuracy for DGA class classification. We expect that the proposed model can be applied to effectively detect and block DGA-generated domains.
Keywords: security; domain generation algorithm; TextCNN; domain features; classification
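The abstract pairs a character-level TextCNN input with additional domain knowledge-based features. The following is an added example, not the authors' code, showing how a defender might prepare both inputs for one domain name. The alphabet, the padding length of 64, and the particular lexical features (length, entropy, digit ratio, vowel ratio, longest consonant run) are assumptions; the abstract does not list the paper's feature set.

```python
import math
from collections import Counter

# Assumed alphabet and padding length for the character-level input; the
# abstract does not give the paper's actual values.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-._"
CHAR_INDEX = {c: i + 1 for i, c in enumerate(ALPHABET)}  # 0 is padding
MAX_LEN = 64
VOWELS = set("aeiou")


def encode_chars(domain, max_len=MAX_LEN):
    """Map a domain to a fixed-length list of character indices (0 = pad/unknown)."""
    ids = [CHAR_INDEX.get(c, 0) for c in domain.lower()[:max_len]]
    return ids + [0] * (max_len - len(ids))


def shannon_entropy(text):
    """Shannon entropy in bits per character; 0.0 for an empty string."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def lexical_features(domain):
    """Hand-crafted features computed on the leftmost label of the domain."""
    label = domain.lower().rstrip(".").split(".")[0]
    letters = [c for c in label if c.isalpha()]
    run = longest = 0
    for c in label:
        run = run + 1 if c.isalpha() and c not in VOWELS else 0
        longest = max(longest, run)
    return {
        "length": len(label),
        "entropy": round(shannon_entropy(label), 3),
        "digit_ratio": sum(c.isdigit() for c in label) / max(len(label), 1),
        "vowel_ratio": sum(c in VOWELS for c in letters) / max(len(letters), 1),
        "max_consonant_run": longest,
    }


if __name__ == "__main__":
    # Constructed sample domains, not taken from the paper's dataset.
    for d in ("example.com", "xk3q9zt7wplv2m.net"):
        print(d, lexical_features(d), encode_chars(d)[:8])
```

In a combined model, the index sequence would feed the embedding and convolution layers while the feature dictionary is concatenated as a numeric vector before the classifier.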
MDPI and ACS Style

Hwang, C.; Kim, H.; Lee, H.; Lee, T. Effective DGA-Domain Detection and Classification with TextCNN and Additional Features. Electronics 2020, 9, 1070.
