Event Details

Impact Study of Length in Detecting Algorithmically Generated Domains

Presenter: Aashna Ahluwalia
Supervisor:

Date: Thu, April 12, 2018
Time: 13:00:00 - 14:00:00
Place: EOW 430

ABSTRACT

ABSTRACT: Domain generation algorithm (DGA) is a popular technique for evading detection used by many sophisticated malware families. Since the DGA domains are randomly generated, they tend to exhibit properties that are different from legitimate domain names. It is observed that shorter DGA domains used in emerging malware are more difficult to detect, in contrast to regular DGA domains that are unusually long. While length was considered as a contributing feature in earlier approaches, there has not been a systematic focus on how to leverage its impact on DGA domains detection accuracy. Through our study, we present a new detection model based on semantic and information theory features. The research applies the concept of domain length threshold to detect DGA domains regardless of their lengths. The experimental evaluation of the proposed approach, using public datasets, yield a detection rate (DR) of 98.96% and a false positive rate (FPR) of 2.1%, when using random forests classification technique.

Return to global menu.
Return to primary navigation.
Return to secondary navigation.
Return to page content.

Event Details

Impact Study of Length in Detecting Algorithmically Generated Domains

UVic Electrical & Computer Engineering

UVic Electrical & Computer Engineering