An Approach for Identifying Malicious Domain Names Generated by Dictionary-Based DGA Bots

Akihiro SATOH; Yutaka NAKAMURA; Yutaka FUKUDA; Daiki NOBAYASHI; Takeshi IKENAGA

doi:10.1587/transinf.2020NTL0001

Special Section on the Architectures, Protocols, and Applications for the Future Internet

An Approach for Identifying Malicious Domain Names Generated by Dictionary-Based DGA Bots

Akihiro SATOH, Yutaka NAKAMURA, Yutaka FUKUDA, Daiki NOBAYASHI, Takeshi IKENAGA

著者情報

キーワード: dga bot, dictionary-based domain generation algorithm, domain name, network security

ジャーナルフリー

2021 年 E104.D 巻 5 号 p. 669-672

DOI https://doi.org/10.1587/transinf.2020NTL0001

詳細

抄録

Computer networks are facing serious threats from the emergence of sophisticated new DGA bots. These DGA bots have their own dictionary, from which they concatenate words to dynamically generate domain names that are difficult to distinguish from human-generated domain names. In this letter, we propose an approach for identifying the callback communications of DGA bots based on relations among the words that constitute the character string of each domain name. Our evaluation indicates high performance, with a recall of 0.9977 and a precision of 0.9869.

責任著者(Corresponding author)

J-STAGEへの登録はこちら（無料）