Publisher: Academy & Industry Research Collaboration Center (AIRCC)
Abstract: In recent years, many malware writers have relied on Dynamic Domain Name Services (DDNS) to maintain their Command and Control (C&C) network infrastructure to ensure a persistent presence on a compromised host. Amongst the various DDNS techniques, Domain Generation Algorithm (DGA) is often perceived as the most difficult to detect using traditional methods. This paper presents an approach for detecting DGA using frequency analysis of the character distribution and the weighted scores of the domain names. The approach’s feasibility is demonstrated using a range of legitimate domains and a number of malicious algorithmically generated domain names. Findings from this study show that domain names made up of English characters “a-z” achieving a weighted score of < 45 are often associated with DGA. When a weighted score of < 45 is applied to the Alexa one million list of domain names, only 15% of the domain names were treated as non-human generated.
Keywords: Domain Generated Algorithm; malicious domain names; Domain Name Frequency Analysis & malicious DNS