IEICE Transactions on Information and Systems
Online ISSN : 1745-1361
Print ISSN : 0916-8532


DGA-based Malware Communication Detection from DoH Traffic Using Hierarchical Machine Learning Analysis
Rikima MITSUHASHI, Yong JIN, Katsuyoshi IIDA, Yoshiaki TAKAI
Journal free access; advance online publication

Article ID: 2024NTP0004

Abstract

Encrypted domain name resolution is increasingly being used to protect the privacy of Internet users, but it may prevent network administrators from detecting malicious communications. Unfortunately, DGA-based malware can exploit it to hide the domain names it generates, so network administrators need a monitoring framework to maintain network security. In this paper, we propose a novel malware detection system using hierarchical machine learning analysis, which incorporates machine learning models including XGBoost, LightGBM, CatBoost, and RGF. The evaluation results confirm that the proposed system can detect DGA-based malware communication generated by PadCrypt, Sisron, Tinba, and Zloader with 99.19% accuracy. The results show that the proposed system can detect DGA-based malware communications from DoH traffic with sufficient accuracy to support network administrators.

© 2024 The Institute of Electronics, Information and Communication Engineers