Botnets are one of the major threats to network security nowadays. To carry out malicious actions remotely, they rely heavily on Command and Control channels. DGA-based botnets use a domain generation algorithm to generate a significant number of domain names. Traditional machine learning schemes benefit greatly from analyzing the linguistic distinctions between legitimate and DGA-based domain names. However, it is difficult to identify domain names that are based on wordlists or pseudo-randomly generated. Accordingly, this paper proposes an efficient CNN-LSTM-based detection model (BotDetector) that uses only a set of simple-to-compute character features. We evaluate our model with two open-source benchmark datasets (360 netlab, Bambenek) and real DNS traffic from the China Education and Research Network. Experimental results demonstrate that our algorithm improves by 1.6% in terms of accuracy and F1-score and reduces the computation time by 9.4% compared to other state-of-the-art alternatives. Remarkably, our work can identify botnets' covert communication channels that use domain names based on word lists or pseudo-random generation without the help of reverse engineering.
Telecommunication Systems – Springer Journals
Published: Feb 1, 2024
Keywords: Network security; Deep learning; Domain generation algorithm; CNN; LSTM; Botnet; DNS traffic