IEICE Transactions on Information and Systems
Online ISSN : 1745-1361
Print ISSN : 0916-8532
Special Section on the Architectures, Protocols, and Applications for the Future Internet
DGA-Based Malware Communication Detection from DoH Traffic Using Hierarchical Machine Learning Analysis
Rikima MITSUHASHI, Yong JIN, Katsuyoshi IIDA, Yoshiaki TAKAI
JOURNAL FREE ACCESS

2025 Volume E108.D Issue 6 Pages 526-534

Abstract

Encrypted domain name resolution is increasingly being used to protect the privacy of Internet users, but it may prevent network administrators from detecting malicious communications. Unfortunately, DGA-based malware can exploit it to hide the domain names it generates, so network administrators need a monitoring framework to maintain network security. In this paper, we propose a novel malware detection system using hierarchical machine learning analysis, which incorporates machine learning models, including XGBoost, LightGBM, CatBoost, and RGF. The evaluation results confirm that the proposed system can detect DGA-based malware communication generated by PadCrypt, Sisron, Tinba, and Zloader with 99.19% accuracy. The results show that the proposed system can detect DGA-based malware communications from DoH traffic with sufficient accuracy to support network administrators.

© 2025 The Institute of Electronics, Information and Communication Engineers