Journal articles on the topic 'Domain Generation Algorithm (DGA)'

1

Hwang, Chanwoong, Hyosik Kim, Hooki Lee, and Taejin Lee. "Effective DGA-Domain Detection and Classification with TextCNN and Additional Features." Electronics 9, no. 7 (2020): 1070. http://dx.doi.org/10.3390/electronics9071070.

Abstract:
Malicious codes, such as advanced persistent threat (APT) attacks, do not operate immediately after infecting the system, but after receiving commands from the attacker’s command and control (C&C) server. The system infected by the malicious code tries to communicate with the C&C server through the IP address or domain address of the C&C server. If the IP address or domain address is hard-coded inside the malicious code, it can analyze the malicious code to obtain the address and block access to the C&C server through security policy. In order to circumvent this address blocking technique, domain generation algorithms are included in the malware to dynamically generate domain addresses. The domain generation algorithm (DGA) generates domains randomly, so it is very difficult to identify and block malicious domains. Therefore, this paper effectively detects and classifies unknown DGA domains. We extract features that are effective for TextCNN-based label prediction, and add additional domain knowledge-based features to improve our model for detecting and classifying DGA-generated malicious domains. The proposed model achieved 99.19% accuracy for DGA classification and 88.77% accuracy for DGA class classification. We expect that the proposed model can be applied to effectively detect and block DGA-generated domains.
2

Zhai, You, Liqun Yang, Jian Yang, Longtao He, and Zhoujun Li. "BadDGA: Backdoor Attack on LSTM-Based Domain Generation Algorithm Detector." Electronics 12, no. 3 (2023): 736. http://dx.doi.org/10.3390/electronics12030736.

Abstract:
Due to the outstanding performance of deep neural networks (DNNs), many researchers have begun to transfer deep learning techniques to their fields. To detect algorithmically generated domains (AGDs) generated by domain generation algorithm (DGA) in botnets, a long short-term memory (LSTM)-based DGA detector has achieved excellent performance. However, the previous DNNs have found various inherent vulnerabilities, so cyberattackers can use these drawbacks to deceive DNNs, misleading DNNs into making wrong decisions. Backdoor attack as one of the popular attack strategies strike against DNNs has attracted widespread attention in recent years. In this paper, to cheat the LSTM-based DGA detector, we propose BadDGA, a backdoor attack against the LSTM-based DGA detector. Specifically, we offer four backdoor attack trigger construction methods: TLD-triggers, Ngram-triggers, Word-triggers, and IDN-triggers. Finally, we evaluate BadDGA on ten popular DGA datasets. The experimental results show that under the premise of 1‰ poisoning rate, our proposed backdoor attack can achieve a 100% attack success rate to verify the effectiveness of our method. Meanwhile, the model’s utility on clean data is influenced slightly.
3

P, Karunakaran. "Deep Learning Approach to DGA Classification for Effective Cyber Security." December 2020 2, no. 4 (2021): 203–13. http://dx.doi.org/10.36548/jucct.2020.4.003.

Abstract:
In recent years, invaders are increasing rapidly in an internet world. Generally, in order to detect the anonymous attackers algorithm needs more number of features. Many algorithms fail in the efficiency of detection malicious code. Immediately this codes will not infect the system; it will attack server after communicate later. Our research focuses on analyzing the traffic of botnets for the domain name determination to the IP address of the server. This botnet creates the domain name differently. Many domains are generated by attackers and create the huge Domain Name System (DNS) traffic. In this research paper, uses both public and real time environments datasets to detect the text features as well as knowledge based feature extraction. The classifying of Domain Generation Algorithm (DGA) generated malicious domains randomly making the efficiency down in many algorithms which were used preprocessing without proper feature extraction. Effectively, our proposed algorithm is used to detect DGA which generates malicious domains randomly. This effective detection of our proposed algorithm performs with text based label prediction and additional features for extraction to improve the efficiency of the model. Our proposed model achieved 94.9% accuracy for DGA classification with help of additional feature extraction and knowledge based extraction in the deep learning architecture.
4

Sun, Xinjie, and Zhifang Liu. "Domain generation algorithms detection with feature extraction and Domain Center construction." PLOS ONE 18, no. 1 (2023): e0279866. http://dx.doi.org/10.1371/journal.pone.0279866.

Abstract:
Network attacks using Command and Control (C&C) servers have increased significantly. To hide their C&C servers, attackers often use Domain Generation Algorithms (DGA), which automatically generate domain names for C&C servers. Researchers have constructed many unique feature sets and detected DGA domains through machine learning or deep learning models. However, due to the limited features contained in the domain name, the DGA detection results are limited. In order to overcome this problem, the domain name features, the Whois features and the N-gram features are extracted for DGA detection. To obtain the N-gram features, the domain name whitelist and blacklist substring feature sets are constructed. In addition, a deep learning model based on BiLSTM, Attention and CNN is constructed. Additionally, the Domain Center is constructed for fast classification of domain names. Multiple comparative experiment results prove that the proposed model not only gets the best Accuracy, Precision, Recall and F1, but also greatly reduces the detection time.
5

Zou, Futai, Linsen Li, Yue Wu, Jianhua Li, Siyu Zhang, and Kaida Jiang. "Detecting Domain-Flux Malware Using DNS Failure Traffic." International Journal of Software Engineering and Knowledge Engineering 28, no. 02 (2018): 151–73. http://dx.doi.org/10.1142/s0218194018400016.

Abstract:
Domain-Flux malware is hard to detect because of the variable C&C (Command and Control) domains which were randomly generated by the technique of domain generation algorithm (DGA). In this paper, we propose a Domain-Flux malware detection approach based on DNS failure traffic. The approach fully leverages the behavior of DNS failure traffic to recognize nine features, and then mines the DGA-generated domains by a clustering algorithm and determinable rules. Theoretical analysis and experimental results verify its efficiency with both test dataset and real-world dataset. On the test dataset, our approach can achieve a true positive rate of 99.82% at false positive rate of 0.39%. On the real-world dataset, the approach can also achieve a relatively high precision of 98.3% and find out 197,026 DGA domains by analyzing DNS traffic in campus network for seven days. We found 1213 hosts of Domain-Flux malware existing on campus network, including the known Conficker, Fosniw and several new Domain-Flux malwares that have never been reported before. We classified 197,026 DGA domains and gave the representative generated patterns for a better understanding of the Domain-Flux mechanism.
6

Yang, Cheng, Tianliang Lu, Shangyi Yan, Jianling Zhang, and Xingzhan Yu. "N-Trans: Parallel Detection Algorithm for DGA Domain Names." Future Internet 14, no. 7 (2022): 209. http://dx.doi.org/10.3390/fi14070209.

Abstract:
Domain name generation algorithms are widely used in malware, such as botnet binaries, to generate large sequences of domain names of which some are registered by cybercriminals. Accurate detection of malicious domains can effectively defend against cyber attacks. The detection of such malicious domain names by the use of traditional machine learning algorithms has been explored by many researchers, but still is not perfect. To further improve on this, we propose a novel parallel detection model named N-Trans that is based on the N-gram algorithm with the Transformer model. First, we add flag bits to the first and last positions of the domain name for the parallel combination of the N-gram algorithm and Transformer framework to detect a domain name. The model can effectively extract the letter combination features and capture the position features of letters in the domain name. It can capture features such as the first and last letters in the domain name and the position relationship between letters. In addition, it can accurately distinguish between legitimate and malicious domain names. In the experiment, the dataset is the legal domain name of Alexa and the malicious domain name collected by the 360 Security Lab. The experimental results show that the parallel detection model based on N-gram and Transformer achieves 96.97% accuracy for DGA malicious domain name detection. It can effectively and accurately identify malicious domain names and outperforms the mainstream malicious domain name detection algorithms.
7

Qiao, Yanchen, Bin Zhang, Weizhe Zhang, Arun Kumar Sangaiah, and Hualong Wu. "DGA Domain Name Classification Method Based on Long Short-Term Memory with Attention Mechanism." Applied Sciences 9, no. 20 (2019): 4205. http://dx.doi.org/10.3390/app9204205.

Abstract:
Currently, many cyberattacks use the Domain Generation Algorithm (DGA) to generate random domain names, so as to maintain communication with the Communication and Control (C&C) server. Discovering DGA domain names in advance could help to detect attacks and response in time. However, in recent years, the General Data Protection Regulation (GDPR) has been promulgated and implemented, and the method of DGA classification based on the context information, such as the WHOIS (the information about the registered users or assignees of the domain name), is no longer applicable. At the same time, acquiring the DGA algorithm by reversing malware samples encounters the problem of no malware samples for various reasons, such as fileless malware. We propose a DGA domain name classification method based on Long Short-Term Memory (LSTM) with attention mechanism. This method is oriented to the character sequence of the domain name, and it uses the LSTM combined with attention mechanism to construct the DGA domain name classifier to achieve the rapid classification of domain names. The experimental results show that the method has a good classification result.
8

Namgung, Juhong, Siwoon Son, and Yang-Sae Moon. "Efficient Deep Learning Models for DGA Domain Detection." Security and Communication Networks 2021 (January 18, 2021): 1–15. http://dx.doi.org/10.1155/2021/8887881.

Abstract:
In recent years, cyberattacks using command and control (C&C) servers have significantly increased. To hide their C&C servers, attackers often use a domain generation algorithm (DGA), which automatically generates domain names for the C&C servers. Accordingly, extensive research on DGA domain detection has been conducted. However, existing methods cannot accurately detect continuously generated DGA domains and can easily be evaded by an attacker. Recently, long short-term memory- (LSTM-) based deep learning models have been introduced to detect DGA domains in real time using only domain names without feature extraction or additional information. In this paper, we propose an efficient DGA domain detection method based on bidirectional LSTM (BiLSTM), which learns bidirectional information as opposed to unidirectional information learned by LSTM. We further maximize the detection performance with a convolutional neural network (CNN) + BiLSTM ensemble model using Attention mechanism, which allows the model to learn both local and global information in a domain sequence. Experimental results show that existing CNN and LSTM models achieved F1-scores of 0.9384 and 0.9597, respectively, while the proposed BiLSTM and ensemble models achieved higher F1-scores of 0.9618 and 0.9666, respectively. In addition, the ensemble model achieved the best performance for most DGA domain classes, enabling more accurate DGA domain detection than existing models.
9

Selvaraj, Sarojini, and Rukmani Panjanathan. "WordDGA: Hybrid Knowledge-Based Word-Level Domain Names Against DGA Classifiers and Adversarial DGAs." Informatics 11, no. 4 (2024): 92. http://dx.doi.org/10.3390/informatics11040092.

Abstract:
A Domain Generation Algorithm (DGA) employs botnets to generate domain names through a communication link between the C&C server and the bots. A DGA can generate pseudo-random AGDs (algorithmically generated domains) regularly, a handy method for detecting bots on the C&C server. Unlike current DGA detection methods, AGDs can be identified with lightweight, promising technology. DGAs can prolong the life of a viral operation, improving its profitability. Recent research on the sensitivity of deep learning to various adversarial DGAs has sought to enhance DGA detection techniques. They have character- and word-level classifiers; hybrid-level classifiers may detect and classify AGDs generated by DGAs, significantly diminishing the effectiveness of DGA classifiers. This work introduces WordDGA, a hybrid RCNN-BiLSTM-based adversarial DGA with strong anti-detection capabilities based on NLP and cWGAN, which offers word- and hybrid-level evasion techniques. It initially models the semantic relationships between benign and DGA domains by constructing a prediction model with a hybrid RCNN-BiLSTM network. To optimize the similarity between benign and DGA domain names, it modifies phrases from each input domain using the prediction model to detect DGA family categorizations. The experimental results reveal that dodging numerous wordlists and mixed-level DGA classifiers with training and testing sets improves word repetition rate, domain collision rate, attack success rate, and detection rate, indicating the usefulness of cWGAN-based oversampling in the face of adversarial DGAs.
10

Anoop, Reddy Thatipalli, Aravamudu Preetham, Kartheek K., and Dennisan Aju. "Exploring and comparing various machine and deep learning technique algorithms to detect domain generation algorithms of malicious variants." Computer Science and Information Technologies 3, no. 2 (2022): 94–103. https://doi.org/10.11591/csit.v3i2.pp94-103.

Abstract:
Domain generation algorithm (DGA) is used as the main source of script in different groups of malwares, which generates the domain names of points and will further be used for command-and-control servers. The security measures usually identify the malware but the domain name algorithms will be updating themselves in order to avoid the less efficient older security detection methods. The reason being the older detection methods does not use either the machine learning or deep learning algorithms to detect the DGAs. Thus, the impact of incorporating the machine learning and deep learning techniques to detect the DGA is well discussed. As a result, they can create a huge number of domains to avoid debar and henceforth, block the hackers and zombie systems with the older methods itself. The main purpose of this research work is to compare and analyse by implementing various machine learning algorithms that suits the respective dataset yielding better results. In this research paper, the obtained dataset is pre-processed and the respective data is processed by different machine learning algorithms such as random forest (RF), support vector machine (SVM), Naive Bayes classifier, H20 AutoML, convolutional neural network (CNN), long short-term memory neural network (LSTM) for the classification. It is observed and understood that the LSTM provides a better classification efficiency of 98% and the H20 AutoML method giving the least efficiency of 75%.
11

Thatipalli, Anoop Reddy, Preetham Aravamudu, K. Kartheek, and Aju Dennisan. "Exploring and comparing various machine and deep learning technique algorithms to detect domain generation algorithms of malicious variants." Computer Science and Information Technologies 3, no. 2 (2022): 94–103. http://dx.doi.org/10.11591/csit.v3i2.p94-103.

12

Anoop Reddy Thatipalli, Preetham Aravamudu, K. Kartheek, and Aju Dennisan. "Exploring and comparing various machine and deep learning technique algorithms to detect domain generation algorithms of malicious variants." Computer Science and Information Technologies 3, no. 2 (2022): 94–103. http://dx.doi.org/10.11591/csit.v3i2.pp94-103.

13

Niu, Youfeng, Mingxi Guan, Wenhao Yuan, Yilin Chen, Lingyi Chen, and Qiming Yu. "A Bayesian optimization-based LSTM model for DGA domain name identification approach." Journal of Physics: Conference Series 2303, no. 1 (2022): 012015. http://dx.doi.org/10.1088/1742-6596/2303/1/012015.

Abstract:
In recent years, with the rapid development and rise of mobile Internet, network security issues have also posed a great threat to people. Botnets are an important problem faced by current network security. DNS protocol-based botnets widely use domain generation algorithm (DGA), which can randomly change the domain name to hide itself, and therefore is very likely to threaten people’s network security. In this paper, we use the domain names of the top 1 million websites in the Alexa global ranking as white samples, and for the DGA sample data, we use the open data of 360netlab as black samples. The character sequence model is used for feature extraction, and the LSTM with Bayesian optimization neural network is used to optimize the hyperparameter combination, which finally makes the accuracy of the model above 97%, and the model has superior performance to compare with the conventional model, which can effectively improve the accuracy of DGA detection and recognition.
14

Berman, Daniel S. "DGA CapsNet: 1D Application of Capsule Networks to DGA Detection." Information 10, no. 5 (2019): 157. http://dx.doi.org/10.3390/info10050157.

Abstract:
Domain generation algorithms (DGAs) represent a class of malware used to generate large numbers of new domain names to achieve command-and-control (C2) communication between the malware program and its C2 server to avoid detection by cybersecurity measures. Deep learning has proven successful in serving as a mechanism to implement real-time DGA detection, specifically through the use of recurrent neural networks (RNNs) and convolutional neural networks (CNNs). This paper compares several state-of-the-art deep-learning implementations of DGA detection found in the literature with two novel models: a deeper CNN model and a one-dimensional (1D) Capsule Networks (CapsNet) model. The comparison shows that the 1D CapsNet model performs as well as the best-performing model from the literature.
15

Mattia, Zago, Gil Pérez Manuel, and Martínez Pérez Gregorio. "Early DGA-Based Botnet Identification: Pushing Detection to the Edges." Cluster Computing 24 (January 2, 2021): 1695–710. https://doi.org/10.1007/s10586-020-03213-z.

Abstract:
With the first commercially available 5G infrastructures, worldwide’s attention is shifting to the next generation of theorised technologies that might be finally deployable. In this context, the cybersecurity of edge equipment and end-devices must be a top priority as botnets see their spread remarkably increase. Most of them rely on algorithmically generated domain names (AGDs) to evade detection and remain shrouded from intrusion detection systems, via the so-called Domain Generation Algorithm (DGA). Despite the issue, by applying concepts such as distributed computing and federated learning, the cybersecurity community has prototyped and developed dynamic and scalable solutions that leverage the increased capabilities and connectivity of edge devices. This article proposes a lightweight and privacy-preserving framework that pushes the intelligence modules to the edges aiming to achieve early DGA-based botnet detection in mobile and edge-oriented scenarios. Experimental results prove the deployability of such architecture at all levels, including resource-constrained end-devices.
16

Xie, Mingtian, Ruifeng He, and Aixing He. "Deep learning DGA malicious domain name detection based on multi-stage feature fusion." Applied and Computational Engineering 64, no. 1 (2024): 1–8. http://dx.doi.org/10.54254/2755-2721/64/20241334.

Abstract:
In recent years, cybersecurity issues have emerged one after another, with botnets extensively utilizing Domain Generation Algorithms (DGA) to evade detection. To address the issue of insufficient detection accuracy in existing DGA malicious domain detection models, this paper proposes a deep learning detection model based on multi-stage feature fusion. By extracting local feature information and positional information of domain name sequences through the fusion of Multilayer Convolutional Neural Network (MCNN) and Transformer, and capturing the long-distance contextual semantic features of domain name sequences through Bi-directional Long Short-Term Memory Network (BiLSTM), these features are finally fused for malicious domain classification. Experimental results show that the model maintains an average Accuracy of 93.26% and an average F1-Score of 93.32% for 33 DGA families, demonstrating better comprehensive detection performance compared to other deep learning detection algorithms.
17

Maia, Ricardo J. M., Dustin Ray, Sikha Pentyala, et al. "An end-to-end framework for private DGA detection as a service." PLOS ONE 19, no. 8 (2024): e0304476. http://dx.doi.org/10.1371/journal.pone.0304476.

Abstract:
Domain Generation Algorithms (DGAs) are used by malware to generate pseudorandom domain names to establish communication between infected bots and command and control servers. While DGAs can be detected by machine learning (ML) models with great accuracy, offering DGA detection as a service raises privacy concerns when requiring network administrators to disclose their DNS traffic to the service provider. The main scientific contribution of this paper is to propose the first end-to-end framework for privacy-preserving classification as a service of domain names into DGA (malicious) or non-DGA (benign) domains. Our framework achieves these goals by carefully designed protocols that combine two privacy-enhancing technologies (PETs), namely secure multi-party computation (MPC) and differential privacy (DP). Through MPC, our framework enables an enterprise network administrator to outsource the problem of classifying a DNS (Domain Name System) domain as DGA or non-DGA to an external organization without revealing any information about the domain name. Moreover, the service provider’s ML model used for DGA detection is never revealed to the network administrator. Furthermore, by using DP, we also ensure that the classification result cannot be used to learn information about individual entries of the training data. Finally, we leverage post-training float16 quantization of deep learning models in MPC to achieve efficient, secure DGA detection. We demonstrate that by using quantization achieves a significant speed-up, resulting in a 23% to 42% reduction in inference runtime without reducing accuracy using a three party secure computation protocol tolerating one corruption. Previous solutions are not end-to-end private, do not provide differential privacy guarantees for the model’s outputs, and assume that model embeddings are publicly known. Our best protocol in terms of accuracy runs in about 0.22s.
18

Ma, Wei, Xing Wang, Jiguang Wang, and Qianyun Chen. "A Lightweight Hybrid Detection Method for Botnet." International Journal of Circuits, Systems and Signal Processing 15 (August 12, 2021): 960–69. http://dx.doi.org/10.46300/9106.2021.15.103.

Abstract:
Botnet is a serious threat for the Internet and it has created great damage to the Internet. How to detect botnet has become an ongoing endeavor research. Series of methods have been discussed in recent research. However, one of the remaining challenges is that the high computational overhead. In this paper, a lightweight hybrid botnet detection method is proposed. Considering the features in the botnet data packets and the characteristic of employing DGA (Domain Generation Algorithm) domain names to connect to the botnet, two sensors are designed and deployed individually and parallelly. Signature detection is used on the gateway sensor to dig out known bot software and deep learning based techniques are used on the DNS (Domain Name Server) server sensor to find DGA domain names. With this method, the computational overhead would be shared by the two sensors and experiments are conducted and the results indicate that the method is effective in detecting botnet.
19

Satoh, Akihiro, Yutaka Fukuda, Gen Kitagata, and Yutaka Nakamura. "A Word-Level Analytical Approach for Identifying Malicious Domain Names Caused by Dictionary-Based DGA Malware." Electronics 10, no. 9 (2021): 1039. http://dx.doi.org/10.3390/electronics10091039.

Abstract:
Computer networks are facing serious threats from the emergence of malware with sophisticated DGAs (Domain Generation Algorithms). This type of DGA malware dynamically generates domain names by concatenating words from dictionaries for evading detection. In this paper, we propose an approach for identifying the callback communications of such dictionary-based DGA malware by analyzing their domain names at the word level. This approach is based on the following observations: These malware families use their own dictionaries and algorithms to generate domain names, and accordingly, the word usages of malware-generated domains are distinctly different from those of human-generated domains. Our evaluation indicates that the proposed approach is capable of achieving accuracy, recall, and precision as high as 0.9989, 0.9977, and 0.9869, respectively, when used with labeled datasets. We also clarify the functional differences between our approach and other published methods via qualitative comparisons. Taken together, these results suggest that malware-infected machines can be identified and removed from networks using DNS queries for detected malicious domain names as triggers. Our approach contributes to dramatically improving network security by providing a technique to address various types of malware encroachment.
20

Vranken, Harald, and Hassan Alizadeh. "Detection of DGA-Generated Domain Names with TF-IDF." Electronics 11, no. 3 (2022): 414. http://dx.doi.org/10.3390/electronics11030414.

Abstract:
Botnets often apply domain name generation algorithms (DGAs) to evade detection by generating large numbers of pseudo-random domain names of which only few are registered by cybercriminals. In this paper, we address how DGA-generated domain names can be detected by means of machine learning and deep learning. We first present an extensive literature review on recent prior work in which machine learning and deep learning have been applied for detecting DGA-generated domain names. We observe that a common methodology is still missing, and the use of different datasets causes that experimental results can hardly be compared. We next propose the use of TF-IDF to measure frequencies of the most relevant n-grams in domain names, and use these as features in learning algorithms. We perform experiments with various machine-learning and deep-learning models using TF-IDF features, of which a deep MLP model yields the best results. For comparison, we also apply an LSTM model with embedding layer to convert domain names from a sequence of characters into a vector representation. The performance of our LSTM and MLP models is rather similar, achieving 0.994 and 0.995 AUC, and average F1-scores of 0.907 and 0.891 respectively.
21

Gregório, João Rafael, Adriano Mauro Cansian, and Leandro Alves Neves. "Class Incremental Deep Learning: A Computational Scheme to Avoid Catastrophic Forgetting in Domain Generation Algorithm Multiclass Classification." Applied Sciences 14, no. 16 (2024): 7244. http://dx.doi.org/10.3390/app14167244.

Abstract:
Domain Generation Algorithms (DGAs) are algorithms present in most malware used by botnets and advanced persistent threats. These algorithms dynamically generate domain names to maintain and obfuscate communication between the infected device and the attacker’s command and control server. Since DGAs are used by many threats, it is extremely important to classify a given DGA according to the threat it is related to. In addition, as new threats emerge daily, classifier models tend to become obsolete over time. Deep neural networks tend to lose their classification ability when retrained with a dataset that is significantly different from the initial one, a phenomenon known as catastrophic forgetting. This work presents a computational scheme composed of a deep learning model based on CNN and natural language processing and an incremental learning technique for class increment through transfer learning to classify 60 DGA families and include a new family to the classifier model, training the model incrementally using some examples from known families, avoiding catastrophic forgetting and maintaining metric levels. The proposed methodology achieved an average precision of 86.75%, an average recall of 83.06%, and an average F1 score of 83.78% with the full dataset, and suffered minimal losses when applying the class increment.
22

Tang, Jisheng, Yiling Guan, Shenghui Zhao, Huibin Wang, and Yinong Chen. "DGA Domain Detection Based on Transformer and Rapid Selective Kernel Network." Electronics 13, no. 24 (2024): 4982. https://doi.org/10.3390/electronics13244982.

Abstract:
Botnets pose a significant challenge in network security by leveraging Domain Generation Algorithms (DGA) to evade traditional security measures. Extracting DGA domain samples is inherently complex, and the current DGA detection models often struggle to capture domain features effectively when facing limited training data. This limitation results in suboptimal detection performance and an imbalance between model accuracy and complexity. To address these challenges, this paper introduces a novel multi-scale feature fusion model that integrates the Transformer architecture with the Rapid Selective Kernel Network (R-SKNet). The proposed model employs the Transformer’s encoder to couple the single-domain character elements with the multiple types of relationships within the global domain block. This paper proposes integrating R-SKNet into DGA detection and developing an efficient channel attention (ECA) module. By enhancing the branch information guidance in the SKNet architecture, the approach achieves adaptive receptive field selection, multi-scale feature capture, and lightweight yet efficient multi-scale convolution. Moreover, the improved Feature Pyramid Network (FPN) architecture, termed EFAM, is utilized to adjust channel weights for outputs at different stages of the backbone network, leading to achieving multi-scale feature fusion. Experimental results demonstrate that, in tasks with limited training samples, the proposed method achieves lower computational complexity and higher detection accuracy compared to mainstream detection models.
23

Fan, Baoyu, Han Ma, Yue Liu, Xiaochen Yuan, and Wei Ke. "KDTM: Multi-Stage Knowledge Distillation Transfer Model for Long-Tailed DGA Detection." Mathematics 12, no. 5 (2024): 626. http://dx.doi.org/10.3390/math12050626.

Abstract:
As the most commonly used attack strategy by Botnets, the Domain Generation Algorithm (DGA) has strong invisibility and variability. Using deep learning models to detect different families of DGA domain names can improve the network defense ability against hackers. However, this task faces an extremely imbalanced sample size among different DGA categories, which leads to low classification accuracy for small sample categories and even classification failure for some categories. To address this issue, we introduce the long-tailed concept and augment the data of small sample categories by transferring pre-trained knowledge. Firstly, we propose the Data Balanced Review Method (DBRM) to reduce the sample size difference between the categories, thus a relatively balanced dataset for transfer learning is generated. Secondly, we propose the Knowledge Transfer Model (KTM) to enhance the knowledge of the small sample categories. KTM uses a multi-stage transfer to transfer weights from the big sample categories to the small sample categories. Furthermore, we propose the Knowledge Distillation Transfer Model (KDTM) to relieve the catastrophic forgetting problem caused by transfer learning, which adds knowledge distillation loss based on the KTM. The experimental results show that KDTM can significantly improve the classification performance of all categories, especially the small sample categories. It can achieve a state-of-the-art macro average F1 score of 84.5%. The robustness of the KDTM model is verified using three DGA datasets that follow the Pareto distributions.
24

Yang, Luhui, Jiangtao Zhai, Weiwei Liu, et al. "Detecting Word-Based Algorithmically Generated Domains Using Semantic Analysis." Symmetry 11, no. 2 (2019): 176. http://dx.doi.org/10.3390/sym11020176.

Abstract:
In highly sophisticated network attacks, command-and-control (C&C) servers always use domain generation algorithms (DGAs) to dynamically produce several candidate domains instead of static hard-coded lists of IP addresses or domain names. Distinguishing the domains generated by DGAs from the legitimate ones is critical for finding out the existence of malware or further locating the hidden attackers. The word-based DGAs disclosed in recent network attack events have shown significantly stronger stealthiness when compared with traditional character-based DGAs. In word-based DGAs, two or more words are randomly chosen from one or more specific dictionaries to form a dynamic domain, these regularly generated domains aim to mimic the characteristics of a legitimate domain. Existing DGA detection schemes, including the state-of-the-art one based on deep learning, still cannot find out these domains accurately while maintaining an acceptable false alarm rate. In this study, we exploit the inter-word and inter-domain correlations using semantic analysis approaches, word embedding and the part-of-speech are taken into consideration. Next, we propose a detection framework for word-based DGAs by incorporating the frequency distribution of the words and that of part-of-speech into the design of the feature set. Using an ensemble classifier constructed from Naive Bayes, Extra-Trees, and Logistic Regression, we benchmark the proposed scheme with malicious and legitimate domain samples extracted from public datasets. The experimental results show that the proposed scheme can achieve significantly higher detection accuracy for word-based DGAs when compared with three state-of-the-art DGA detection schemes.
25

Nie, Yuanping, Shuangshuang Liu, Cheng Qian, et al. "Multimodel Collaboration to Combat Malicious Domain Fluxing." Electronics 12, no. 19 (2023): 4121. http://dx.doi.org/10.3390/electronics12194121.

Abstract:
This paper proposes a novel domain-generation-algorithm detection framework based on statistical learning that integrates the detection capabilities of multiple heterogeneous models. The framework includes both traditional machine learning methods based on artificial features and deep learning methods, comprehensively analyzing 34 artificial features and advanced features extracted from deep neural networks. Additionally, the framework evaluates the predictions of the base models based on the fit of the samples to each type of sample set and a predefined significance level. The predictions of the base models are statistically analyzed, and the final decision is made using strategies such as voting, confidence, and credibility. Experimental results demonstrate that the DGA detection framework based on statistical learning achieves a higher detection rate compared to the underlying base models, with accuracy, precision, recall, and F1 scores reaching 0.979, 0.977, 0.981, and 0.979, respectively. The framework also exhibits a stronger adaptability to unknown domains and a certain level of robustness against concept drift attacks.
26

Stampar, Miroslav, and Kresimir Fertalj. "Applied machine learning in recognition of DGA domain names." Computer Science and Information Systems, no. 00 (2021): 46. http://dx.doi.org/10.2298/csis210104046s.

Abstract:
Recognition of domain names generated by domain generation algorithms (DGAs) is the essential part of malware detection by inspection of network traffic. Besides basic heuristics (HE) and limited detection based on blacklists, the most promising course seems to be machine learning (ML). There is a lack of studies that extensively compare different ML models in the field of DGA binary classification, including both conventional and deep learning (DL) representatives. Also, those few that exist are either focused on a small set of models, use a poor set of features in ML models or fail to secure unbiased independence between training and evaluation samples. To overcome these limitations, we engineered a robust feature set, and accordingly trained and evaluated 14 ML, 9 DL, and 2 comparative models on two independent datasets. Results show that if ML features are properly engineered, there is a marginal difference in overall score between top ML and DL representatives. This paper represents the first attempt to neutrally compare the performance of many different models for the recognition of DGA domain names, where the best models perform as well as the top representatives from the literature.
27

Lior, Sidi, Nadler Asaf, and Shabtai Asaf. "MaskDGA: An Evasion Attack Against DGA Classifiers and Adversarial Defenses." IEEE Access 8 (September 10, 2020): 161580–92. https://doi.org/10.1109/ACCESS.2020.3020964.

Abstract:
Domain generation algorithms (DGAs) are commonly used by botnets to generate domain names that bots can use to establish communication channels with their command and control servers. Recent publications presented deep learning classifiers that detect algorithmically generated domain (AGD) names in real time with high accuracy and thus significantly reduce the effectiveness of DGAs for botnet communication. In this paper, we present MaskDGA, an evasion technique that uses adversarial learning to modify AGD names in order to evade inline DGA classifiers, without the need for the attacker to possess any knowledge about the DGA classifier's architecture or parameters. MaskDGA was evaluated on four state-of-the-art DGA classifiers and outperformed the recently proposed CharBot and DeepDGA evasion techniques. We also evaluated MaskDGA on enhanced versions of the same classifiers equipped with common adversarial defenses (distillation and adversarial retraining). While the results show that adversarial retraining has some limited effectiveness against the evasion technique, it is clear that a more resilient detection mechanism is required. We also propose an extension to MaskDGA that allows an attacker to omit a subset of the modified AGD names based on the classification results of the attacker's trained model, in order to achieve a desired evasion rate.
28

Zheng, Xingxing, and Xiaona Yin. "A Privacy-Preserved Variational-Autoencoder for DGA Identification in the Education Industry and Distance Learning." Computational Intelligence and Neuroscience 2022 (March 24, 2022): 1–8. http://dx.doi.org/10.1155/2022/7384803.

Abstract:
One of the most insidious methods of bypassing security mechanisms in a modern information system is the domain generation algorithms (DGAs), which are used to disguise the identity of malware by periodically switching the domain name assigned to a command and control (C&C) server. Combating advanced techniques, such as DGAs, is an ongoing challenge that security organizations often need to work with and possibly share private data to train better and more up-to-date machine learning models. This logic raises serious concerns about data integrity, trade-related issues, and strict privacy protocols that must be adhered to. To address the concerns regarding the privacy and security of private data, we propose in this work a privacy-preserved variational-autoencoder to DGA combined with case studies from the education industry and distance learning, specifically because the recent pandemic has brought an explosive increase to remote learning. This is a system that, using the secured multi-party computation (SMPC) methodology, can successfully apply machine learning techniques, specifically the Siamese variational-autoencoder algorithm, on encrypted data and metadata. The method proposed for the first time in the literature facilitates learning specialized extraction functions of useful intermediate representations in complex deep learning architectures, producing improved training stability, high generalization performance, and remarkable categorization accuracy.
29

Duc, Ma Viet, Pham Minh Dang, Tran Thu Phuong, Truong Duc Truong, Vu Hai, and Nguyen Huu Thanh. "Detecting Emerging DGA Malware in Federated Environments via Variational Autoencoder-Based Clustering and Resource-Aware Client Selection." Future Internet 17, no. 7 (2025): 299. https://doi.org/10.3390/fi17070299.

Abstract:
Domain Generation Algorithms (DGAs) remain a persistent technique used by modern malware to establish stealthy command-and-control (C&C) channels, thereby evading traditional blacklist-based defenses. Detecting such evolving threats is especially challenging in decentralized environments where raw traffic data cannot be aggregated due to privacy or policy constraints. To address this, we present FedSAGE, a security-aware federated intrusion detection framework that combines Variational Autoencoder (VAE)-based latent representation learning with unsupervised clustering and resource-efficient client selection. Each client encodes its local domain traffic into a semantic latent space using a shared, pre-trained VAE trained solely on benign domains. These embeddings are clustered via affinity propagation to group clients with similar data distributions and identify outliers indicative of novel threats without requiring any labeled DGA samples. Within each cluster, FedSAGE selects only the fastest clients for training, balancing computational constraints with threat visibility. Experimental results from the multi-zones DGA dataset show that FedSAGE improves detection accuracy by up to 11.6% and reduces energy consumption by up to 93.8% compared to standard FedAvg under non-IID conditions. Notably, the latent clustering perfectly recovers ground-truth DGA family zones, enabling effective anomaly detection in a fully unsupervised manner while remaining privacy-preserving. These foundations demonstrate that FedSAGE is a practical and lightweight approach for decentralized detection of evasive malware, offering a viable solution for secure and adaptive defense in resource-constrained edge environments.
30

Zhuravchak, Danyil, Eduard Kiiko, and Valeriy Dudykevych. "Using EBPF to identify ransomware that use DGA DNS queries." Collection "Information Technology and Security" 11, no. 2 (2023): 166–74. http://dx.doi.org/10.20535/2411-1031.2023.11.2.293760.

Abstract:
In today's world, where the Internet has become an integral part of the functioning of government and corporate institutions, the integrity and availability of information is becoming a key issue for many organizations and individual users. The issue of protection against crypto viruses and attacks, in particular, using DGA (Domain Generation Algorithms), a method used by attackers to automatically generate domain names for client-server (Command & Control) communication in the DNS-based virus ecosystem, is particularly relevant, making it difficult to detect and block them due to the way DNS is used in modern computer networks. Given the growing number of attacks that use DGA, there is a need to develop new methods that are faster and can analyze large traffic flows in real time and provide functionality for detecting and blocking them. eBPF (Extended Berkeley Packet Filter) is a modern tool that allows you to create small programs to monitor and analyze various aspects of the system in real time, including network traffic. These programs are executed directly in the operating system kernel and/or at the network card level. In this study, we consider the possibility of using eBPF to detect DGA activity in DNS traffic. The goal is to determine the effectiveness of real-time ransomware detection. We developed a ransomware analysis lab environment where we developed eBPF-based modules, tested them, and simulated an attack. In addition, a cloud-based data analysis environment based on Splunk was set up and rules for detecting a DGA attack were developed based on this analysis. This article presents the results of developing an eBPF-based program for analyzing DNS traffic, conducting DGA attacks, and methods for detecting them. These results can be an important contribution to the development of strategies to protect against malicious attacks in the network.
31

Lychev, Andrey V. "Synthetic Data Generation for Data Envelopment Analysis." Data 8, no. 10 (2023): 146. http://dx.doi.org/10.3390/data8100146.

Abstract:
The paper is devoted to the problem of generating artificial datasets for data envelopment analysis (DEA), which can be used for testing DEA models and methods. In particular, the papers that applied DEA to big data often used synthetic data generation to obtain large-scale datasets because real datasets of large size, available in the public domain, are extremely rare. This paper proposes the algorithm which takes as input some real dataset and complements it by artificial efficient and inefficient units. The generation process extends the efficient part of the frontier by inserting artificial efficient units, keeping the original efficient frontier unchanged. For this purpose, the algorithm uses the assurance region method and consistently relaxes weight restrictions during the iterations. This approach produces synthetic datasets that are closer to real ones, compared to other algorithms that generate data from scratch. The proposed algorithm is applied to a pair of small real-life datasets. As a result, the datasets were expanded to 50K units. Computational experiments show that artificially generated DMUs preserve isotonicity and do not increase the collinearity of the original data as a whole.
32

Nitz, Lasse, and Avikarsha Mandal. "Bloom Encodings in DGA Detection: Improving Machine Learning Privacy by Building on Privacy-Preserving Record Linkage." JUCS - Journal of Universal Computer Science 30, no. 9 (2024): 1224–43. http://dx.doi.org/10.3897/jucs.134762.

Abstract:
The use of machine learning has shown to benefit a wide range of applications, especially for classification tasks. As such, the detection of algorithmically generated domains to identify corrupted machines has proven itself to be a mature use case with good classification performance. The use of privacy and security sensitive data, however, raises concerns in scenarios that require interaction with external parties. As one of such scenarios, we consider the training of domain generation algorithm detection classifiers in a Machine-Learning-as-a-Service (MLaaS) scenario. We evaluate the use of a Bloom encoding approach from the area of privacy-preserving record linkage to prevent the MLaaS provider from getting to know the exact classification task as well as the data samples transmitted for training and classification. We investigate the threat associated with pattern mining attacks by performing a privacy analysis for two versions of these encodings (basic and randomized). We further identify sets of parameter values which we find to provide an adequate level of protection against these attacks. We see the potential for this approach in machine learning use cases dealing with sensitive data or tasks, especially for MLaaS scenarios dealing with short data samples that lack a clear structure.
33

Nitz, Lasse, and Avikarsha Mandal. "Bloom Encodings in DGA Detection: Improving Machine Learning Privacy by Building on Privacy-Preserving Record Linkage." JUCS - Journal of Universal Computer Science 30, no. 9 (2024): 1224–43. https://doi.org/10.3897/jucs.134762.

Abstract:
The use of machine learning has shown to benefit a wide range of applications, especially for classification tasks. As such, the detection of algorithmically generated domains to identify corrupted machines has proven itself to be a mature use case with good classification performance. The use of privacy and security sensitive data, however, raises concerns in scenarios that require interaction with external parties. As one of such scenarios, we consider the training of domain generation algorithm detection classifiers in a Machine-Learning-as-a-Service (MLaaS) scenario. We evaluate the use of a Bloom encoding approach from the area of privacy-preserving record linkage to prevent the MLaaS provider from getting to know the exact classification task as well as the data samples transmitted for training and classification. We investigate the threat associated with pattern mining attacks by performing a privacy analysis for two versions of these encodings (basic and randomized). We further identify sets of parameter values which we find to provide an adequate level of protection against these attacks. We see the potential for this approach in machine learning use cases dealing with sensitive data or tasks, especially for MLaaS scenarios dealing with short data samples that lack a clear structure.
34

Liu, Zhanghui, Yudong Zhang, Yuzhong Chen, Xinwen Fan, and Chen Dong. "Detection of Algorithmically Generated Domain Names Using the Recurrent Convolutional Neural Network with Spatial Pyramid Pooling." Entropy 22, no. 9 (2020): 1058. http://dx.doi.org/10.3390/e22091058.

Abstract:
Domain generation algorithms (DGAs) use specific parameters as random seeds to generate a large number of random domain names to prevent malicious domain name detection. This greatly increases the difficulty of detecting and defending against botnets and malware. Traditional models for detecting algorithmically generated domain names generally rely on manually extracting statistical characteristics from the domain names or network traffic and then employing classifiers to distinguish the algorithmically generated domain names. These models always require labor intensive manual feature engineering. In contrast, most state-of-the-art models based on deep neural networks are sensitive to imbalance in the sample distribution and cannot fully exploit the discriminative class features in domain names or network traffic, leading to decreased detection accuracy. To address these issues, we employ the borderline synthetic minority over-sampling algorithm (SMOTE) to improve sample balance. We also propose a recurrent convolutional neural network with spatial pyramid pooling (RCNN-SPP) to extract discriminative and distinctive class features. The recurrent convolutional neural network combines a convolutional neural network (CNN) and a bi-directional long short-term memory network (Bi-LSTM) to extract both the semantic and contextual information from domain names. We then employ the spatial pyramid pooling strategy to refine the contextual representation by capturing multi-scale contextual information from domain names. The experimental results from different domain name datasets demonstrate that our model can achieve 92.36% accuracy, an 89.55% recall rate, a 90.46% F1-score, and 95.39% AUC in identifying DGA and legitimate domain names, and it can achieve 92.45% accuracy rate, a 90.12% recall rate, a 90.86% F1-score, and 96.59% AUC in multi-classification problems. It achieves significant improvement over existing models in terms of accuracy and robustness.
35

Ranjana B. Nadagoudar. "Algorithmically Generated Domain Names Detection Using Gated Recurrent Unit Deep Learning." Journal of Electrical Systems 20, no. 7s (2024): 469–81. http://dx.doi.org/10.52783/jes.3342.

Abstract:
The modern malware increasingly employs domain generation algorithms (DGAs) to evade traditional DNS query detection methods, such as blacklisting or reverse engineering of suspicious domain names. These algorithms generate vast numbers of random domain names to establish communication with Command and Control (C&C) servers, posing significant challenges for detection. Previous research has predominantly relied on classical machine learning algorithms, necessitating manual feature extraction and classification, which is both time-consuming and labour-intensive. In this paper, we propose a deep learning-based architecture for detecting DGA-generated domain names. Our model utilizes recurrent networks with gated recurrent units (GRUs) for domain name detection. By converting domain names into vectors and employing GRUs, the model autonomously learns features, eliminating the need for manual intervention in feature extraction. Compared to traditional methods, our approach reduces time costs associated with feature extraction. The experimental result demonstrates the effectiveness of our proposed GRU achieving 98% accuracy, 94% recall rate, 93% precision, and an Area Under the Curve (AUC) of 99.6%. The GRU architecture outperforms LSTM models in terms of recall rate and accuracy while requiring less computational resources, indicating significant performance enhancement.
36

Danylo Chepel and Serhii Malakhov. "Summary of DNS traffic filtering trends as a component of modern information systems security." Computer Science and Cybersecurity, no. 1 (September 9, 2024): 6–21. http://dx.doi.org/10.26565/2519-2310-2024-1-01.

Abstract:
The study analyzes sources related to methods and technologies for DNS (Domain Name System) traffic filtering. Five main directions are identified that are actively used to enhance security at the DNS level. All examined technologies offer improvements in the quality of DNS filtering. It is emphasized that combining different approaches simultaneously can enhance overall security. The summary of research results on DNS traffic security issues indicates certain problems in the quality of the threat intelligence channels used. Therefore, the implementation of AI and LM technologies should enhance the "depth" of extracting useful information about current threats. It is emphasized that the consideration of information security issues should be conducted exclusively in the context of preventing the disparity of artificial intelligence (AI) capabilities in favor of the adversary (i.e., cybercriminals). Practically, this means that future DNS filtering systems should widely implement the latest advancements in VR, AI, LM, and DL technologies. This is particularly important in countering Domain Generation Algorithm (DGA) mechanisms and the spread of botnets. The specific issues of ensuring a consensus on the security and performance of current information and communication systems when implementing DNS encryption tools are highlighted. The primary problem associated with DNS traffic encryption is the potential for its misuse by attackers to conceal their destructive activities (phishing, spam, etc.).
37

Abdullahi, S. M., A. Mohammed, R. Y. Ibrahim, and A. S. Shamsuddeen. "Detection of Algorithmically Generated Domain Names using Ensemble Machine Learning Technique." Advances in Multidisciplinary and scientific Research Journal Publication 2, no. 2 (2023): 27–34. http://dx.doi.org/10.22624/aims/csean-smart2023p4.

Abstract:
Prior to now, cyber attackers use malwares with hard-coded domain names stored in the malware binaries that communicate with a command and control (C&C) servers to launch cyber-attacks on their victim computers. Malware attacks such as botnets and ransomwares are some of the most prevalent forms of these attacks. As soon as a system is infected with a malware (either a botnet or a ransomware), one of the most essential components is to establish a secured communication with the botmaster (i.e., the malware author), through a C&C server. However, with a simple reverse engineering technique, cyber security experts could detect and block these domain names, hence, denying them the ability to communicate with the C&C servers and from receiving further instructions from the botmaster. This led to cyber criminals developing the Domain Generation Algorithm (DGA) technique, which algorithmically generate thousands or more candidate’s domain names for communication with the C&C server, thereby obfuscating the domain names of these malwares and making it difficult for cyber security experts to detect or block these domain names. This paper therefore proposes an ensemble machine learning technique for the detection and classification of algorithmically generated domain names (AGDNs) leveraging the combined strength of 4 different machine learning algorithms: Naïve Bayes, SVM, Random Forest and CART. The models were trained twice, first with 4 features and thereafter with 10 features. In order to effectively utilise the result of the predictions, we used a voting-based ensemble approach, where the final classification is decided by the majority vote of the algorithms. Result of the research shows that the Naïve Bayes model performed better than all the other models with an accuracy of 97.54% when trained with 10 features and 95.99% when trained with 4 features. Keywords: WSN, DDoS, Intrusion Detection System, Random Forest, Machine Learning. 
Proceedings Citation Format Abdullahi, S.M., Mohammed, A., Ibrahim, R.Y. & Shamsuddeen, A. (2023): Detection of Algorithmically Generated Domain Names using Ensemble Machine Learning Technique. Proceedings of the Cyber Secure Nigeria Conference. Nigerian Army Resource Centre (NARC) Abuja, Nigeria. 11-12th July, 2023. Pp 27-34. https://cybersecurenigeria.org/conference-proceedings/volume-2-2023/ dx.doi.org/10.22624/AIMS/CSEAN-SMART2023P2.
38

Krismanto, Awan Uji, and Herlambang Setiadi. "Intelligent Load Frequency Control considering Large Scale Photovoltaic Generation." International Journal of Smart Grid and Sustainable Energy Technologies 2, no. 1 (2019): 79–87. http://dx.doi.org/10.36040/ijsgset.v2i1.220.

Abstract:
Large-scale renewable energy integration involving large scale PV plant is becoming popular in the last decade due to global warming and climate change. PV plant offers clean and environmentally friendly electricity. However, PV plant also provides unwanted impact in term of frequency stability. Hence, appropriate load frequency control due to the integration of PV plant is inevitable. This paper proposed an intelligent approach based on a differential evolutional algorithm (DEA) to optimize the control parameters of load frequency control (LFC) device. Time domain simulation was carried out to analyse the frequency nadir of the system. The simulation results suggested that a significant enhancement of system dynamic behavior was monitored when the control parameters of LFC were optimized using the proposed DEA. Moreover, the proposed algorithm provided a promising result to improve system dynamic response in the system with high penetration of PV power plant.
39

Brafman, R. I., and C. Domshlak. "Structure and Complexity in Planning with Unary Operators." Journal of Artificial Intelligence Research 18 (April 1, 2003): 315–49. http://dx.doi.org/10.1613/jair.1146.

Abstract:
Unary operator domains -- i.e., domains in which operators have a single effect -- arise naturally in many control problems. In its most general form, the problem of STRIPS planning in unary operator domains is known to be as hard as the general STRIPS planning problem -- both are PSPACE-complete. However, unary operator domains induce a natural structure, called the domain's causal graph. This graph relates between the preconditions and effect of each domain operator. Causal graphs were exploited by Williams and Nayak in order to analyze plan generation for one of the controllers in NASA's Deep-Space One spacecraft. There, they utilized the fact that when this graph is acyclic, a serialization ordering over any subgoal can be obtained quickly. In this paper we conduct a comprehensive study of the relationship between the structure of a domain's causal graph and the complexity of planning in this domain. On the positive side, we show that a non-trivial polynomial time plan generation algorithm exists for domains whose causal graph induces a polytree with a constant bound on its node indegree. On the negative side, we show that even plan existence is hard when the graph is a directed-path singly connected DAG. More generally, we show that the number of paths in the causal graph is closely related to the complexity of planning in the associated domain. Finally we relate our results to the question of complexity of planning with serializable subgoals.
40

Kamarudin, Nur Khairani, Ahmad Firdaus, Mohd Zamri Osman, et al. "The Rise of Deep Learning in Cyber Security: Bibliometric Analysis of Deep Learning and Malware." JOIV : International Journal on Informatics Visualization 8, no. 3 (2024): 1398. http://dx.doi.org/10.62527/joiv.8.3.1535.

Abstract:
Deep learning is a machine learning technology that allows computational models to learn via experience, mimicking human cognitive processes. This method is critical in the development of identifying certain objects, and provides the computational intelligence required to identify multiple objects and distinguish it between object A or Object B. On the other hand, malware is defined as malicious software that seeks to harm or disrupt computers and systems. Its main categories include viruses, worms, Trojan horses, spyware, adware, and ransomware. Hence, many deep learning researchers apply deep learning in their malware studies. However, few articles still investigate deep learning and malware in a bibliometric approach (productivity, research area, institutions, authors, impact journals, and keyword analysis). Hence, this paper reports bibliometric analysis used to discover current and future trends and gain new insights into the relationship between deep learning and malware. This paper’s discoveries include: Deployment of deep learning to detect domain generation algorithm (DGA) attacks; Deployment of deep learning to detect malware in Internet of Things (IoT); The rise of adversarial learning and adversarial attack using deep learning; The emergence of Android malware in deep learning; The deployment of transfer learning in malware research; and active authors on deep learning and malware research, including Soman KP, Vinayakumar R, and Zhang Y.
41

Srinivas A Vaddadi, Sravanthi Dontu, Abhilash Maroju, Rohith Vallabhaneni. "The Empirical Analysis on Proposed Ids Models based on Deep Learning Techniques for Privacy Preserving Cyber Security." International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 9s (2023): 793–800. http://dx.doi.org/10.17762/ijritcc.v11i9s.9486.

Abstract:
In AI, the deep learning (DL) method of machine learning (ML) places an emphasis on large-scale, scalable models that can learn distributed representations from their input data. The scope and effectiveness of these techniques are demonstrated in this thesis through a number of case studies pertaining to cyber security. By the end of each study, the neural network models had been fine-tuned and expanded to provide better results. The key arguments presented and discussed in this thesis are as follows: 1) Creating an all-inclusive database for domain name detection using domain generation algorithms (DGAs) and a new architecture to improve DGA domain name detection overall performance. 2) Constructing a hybrid intrusion detection warning system that incorporates deep neural networks (DNNs) to examine host-level and network-level behaviours within an Ethernet LAN. 3) Analysing data from social media platforms, email, and URLs to create a single DL-based framework for detecting spam and phishing. 4) ScaleMalNet, a novel hybrid framework proposal, is part four. This is a two-step process: first, we use static and dynamic analysis to determine if the executable file is malicious or not. Then, we categorise the malicious executable file into the appropriate malware family. Malware and ransomware analysis for Android is accomplished using a hybrid DL framework that is comparable to this one.
42

Al-mashhadi, Saif, Mohammed Anbar, Iznan Hasbullah, and Taief Alaa Alamiedy. "Hybrid rule-based botnet detection approach using machine learning for analysing DNS traffic." PeerJ Computer Science 7 (August 13, 2021): e640. http://dx.doi.org/10.7717/peerj-cs.640.

Abstract:
Botnets can simultaneously control millions of Internet-connected devices to launch damaging cyber-attacks that pose significant threats to the Internet. In a botnet, bot-masters communicate with the command and control server using various communication protocols. One of the widely used communication protocols is the ‘Domain Name System’ (DNS) service, an essential Internet service. Bot-masters utilise Domain Generation Algorithms (DGA) and fast-flux techniques to avoid static blacklists and reverse engineering while remaining flexible. However, botnet’s DNS communication generates anomalous DNS traffic throughout the botnet life cycle, and such anomaly is considered an indicator of DNS-based botnets presence in the network. Despite several approaches proposed to detect botnets based on DNS traffic analysis; however, the problem still exists and is challenging due to several reasons, such as not considering significant features and rules that contribute to the detection of DNS-based botnet. Therefore, this paper examines the abnormality of DNS traffic during the botnet lifecycle to extract significant enriched features. These features are further analysed using two machine learning algorithms. The union of the output of two algorithms proposes a novel hybrid rule detection model approach. Two benchmark datasets are used to evaluate the performance of the proposed approach in terms of detection accuracy and false-positive rate. The experimental results show that the proposed approach has a 99.96% accuracy and a 1.6% false-positive rate, outperforming other state-of-the-art DNS-based botnet detection approaches.
43

Roume, Clément, Samar Ezzina, Hubert Blain, and Didier Delignières. "Biases in the Simulation and Analysis of Fractal Processes." Computational and Mathematical Methods in Medicine 2019 (December 3, 2019): 1–12. http://dx.doi.org/10.1155/2019/4025305.

Abstract:
Fractal processes have recently received a growing interest, especially in the domain of rehabilitation. More precisely, the evolution of fractality with aging and disease, suggesting a loss of complexity, has inspired a number of studies that tried, for example, to entrain patients with fractal rhythms. This kind of study requires relevant methods for generating fractal signals and for assessing the fractality of the series produced by participants. In the present work, we engaged a cross validation of three methods of generation and three methods of analysis. We generated exact fractal series with the Davies–Harte (DH) algorithm, the spectral synthesis method (SSM), and the ARFIMA simulation method. The series were analyzed by detrended fluctuation analysis (DFA), power spectral density (PSD) method, and ARFIMA modeling. Results show that some methods of generation present systematic biases: DH presented a strong bias toward white noise in fBm series close to the 1/f boundary and SSM produced series with a larger variability around the expected exponent, as compared with other methods. In contrast, ARFIMA simulations provided quite accurate series, without major bias. Concerning the methods of analysis, DFA tended to systematically underestimate fBm series. In contrast, PSD yielded overestimates for fBm series. With DFA, the variability of estimates tended to increase for fGn series as they approached the 1/f boundary and reached unacceptable levels for fBm series. The highest levels of variability were produced by PSD. Finally, ARFIMA methods generated the best series and provided the most accurate and less variable estimates.
44

Mohammed, Alaelddin F. Y., Joohyung Lee, and Sangdon Park. "Dynamic Bandwidth Slicing in Passive Optical Networks to Empower Federated Learning." Sensors 24, no. 15 (2024): 5000. http://dx.doi.org/10.3390/s24155000.

Abstract:
Federated Learning (FL) is a decentralized machine learning method in which individual devices compute local models based on their data. In FL, devices periodically share newly trained updates with the central server, rather than submitting their raw data. The key characteristics of FL, including on-device training and aggregation, make it interesting for many communication domains. Moreover, the potential of new systems facilitating FL in sixth generation (6G) enabled Passive Optical Networks (PON), presents a promising opportunity for integration within this domain. This article focuses on the interaction between FL and PON, exploring approaches for effective bandwidth management, particularly in addressing the complexity introduced by FL traffic. In the PON standard, advanced bandwidth management is proposed by allocating multiple upstream grants utilizing the Dynamic Bandwidth Allocation (DBA) algorithm to be allocated for an Optical Network Unit (ONU). However, there is a lack of research on studying the utilization of multiple grant allocation. In this paper, we address this limitation by introducing a novel DBA approach that efficiently allocates PON bandwidth for FL traffic generation and demonstrates how multiple grants can benefit from the enhanced capacity of implementing PON in carrying out FL flows. Simulations conducted in this study show that the proposed solution outperforms state-of-the-art solutions in several network performance metrics, particularly in reducing upstream delay. This improvement holds great promise for enabling real-time data-intensive services that will be key components of 6G environments. Furthermore, our discussion outlines the potential for the integration of FL and PON as an operational reality capable of supporting 6G networking.
45

Fan, Shaohua, Shuyang Zhang, Xiao Wang, and Chuan Shi. "Directed Acyclic Graph Structure Learning from Dynamic Graphs." Proceedings of the AAAI Conference on Artificial Intelligence 37, no. 6 (2023): 7512–21. http://dx.doi.org/10.1609/aaai.v37i6.25913.

Abstract:
Estimating the structure of directed acyclic graphs (DAGs) of features (variables) plays a vital role in revealing the latent data generation process and providing causal insights in various applications. Although there have been many studies on structure learning with various types of data, the structure learning on the dynamic graph has not been explored yet, and thus we study the learning problem of node feature generation mechanism on such ubiquitous dynamic graph data. In a dynamic graph, we propose to simultaneously estimate contemporaneous relationships and time-lagged interaction relationships between the node features. These two kinds of relationships form a DAG, which could effectively characterize the feature generation process in a concise way. To learn such a DAG, we cast the learning problem as a continuous score-based optimization problem, which consists of a differentiable score function to measure the validity of the learned DAGs and a smooth acyclicity constraint to ensure the acyclicity of the learned DAGs. These two components are translated into an unconstraint augmented Lagrangian objective which could be minimized by mature continuous optimization techniques. The resulting algorithm, named GraphNOTEARS, outperforms baselines on simulated data across a wide range of settings that may encounter in real-world applications. We also apply the proposed approach on two dynamic graphs constructed from the real-world Yelp dataset, demonstrating our method could learn the connections between node features, which conforms with the domain knowledge.
46

HE, LEI, and GUOWEI MA. "DEVELOPMENT OF 3D NUMERICAL MANIFOLD METHOD." International Journal of Computational Methods 07, no. 01 (2010): 107–29. http://dx.doi.org/10.1142/s0219876210002088.

Abstract:
The numerical manifold method (NMM) is a combination of the finite element method (FEM) and discontinuous deformation analysis (DDA) method. It provides a robust numerical solution to a solid medium with dense discontinuities. This paper extends NMM to the three-dimensional domain based on the 2D fundamentals. The general framework of the 3D NMM is introduced, including the cover geometry patterns (GP) with division structure from hexahedron to tetrahedron, and general formulations based on the virtual work principle. The block cutting process to generate discrete blocks are discussed through the topological structure description of blocks, and the operation rule of blocks is explained. The proposed 3D block generation algorithm allows for any arbitrary discrete structure or block system. Three numerical examples are presented to demonstrate that the developed 3D numerical manifold code is effective and applicable to 3D continuum solids. Further developments aim to incorporate contact models to simulate complicated discrete block system.
47

Park, Seongjoon, and Hwangnam Kim. "DAG-Based Distributed Ledger for Low-Latency Smart Grid Network." Energies 12, no. 18 (2019): 3570. http://dx.doi.org/10.3390/en12183570.

Abstract:
In this paper, we propose a scheme that implements a Distributed Ledger Technology (DLT) based on Directed Acyclic Graph (DAG) to generate, validate, and confirm the electricity transaction in Smart Grid. The convergence of the Smart Grid and distributed ledger concept has recently been introduced. Since Smart Grids require a distributed network architecture for power distribution and trading, the Distributed Ledger-based Smart Grid design is a spotlighted research domain. However, only the Blockchain-based methods, which are a type of the distributed ledger scheme, are currently either being considered or adopted in the Smart Grid. Due to computation-intensive consensus schemes such as Proof-of-Work and discrete block generation, Blockchain-based distributed ledger systems suffer from efficiency and latency issues. We propose a DAG-based distributed ledger for Smart Grids, called PowerGraph, to resolve this problem. Since a DAG-based distributed ledger does not need to generate blocks for confirmation, each transaction of the PowerGraph undergoes the validation and confirmation process individually. In addition, transactions in PowerGraph are used to keep track of the energy trade and include various types of transactions so that they can fully encompass the events in the Smart Grid network. Finally, to ensure that PowerGraph maintains a high performance, we modeled the PowerGraph performance and proposed a novel consensus algorithm that would result in the rapid confirmation of transactions. We use numerical evaluations to show that PowerGraph can accelerate the transaction processing speed by over 5 times compared to existing DAG-based DLT system.
48

McClay, Wilbert. "A Magnetoencephalographic/Encephalographic (MEG/EEG) Brain-Computer Interface Driver for Interactive iOS Mobile Videogame Applications Utilizing the Hadoop Ecosystem, MongoDB, and Cassandra NoSQL Databases." Diseases 6, no. 4 (2018): 89. http://dx.doi.org/10.3390/diseases6040089.

Abstract:
In Phase I, we collected data on five subjects yielding over 90% positive performance in Magnetoencephalographic (MEG) mid-and post-movement activity. In addition, a driver was developed that substituted the actions of the Brain Computer Interface (BCI) as mouse button presses for real-time use in visual simulations. The process was interfaced to a flight visualization demonstration utilizing left or right brainwave thought movement, the user experiences, the aircraft turning in the chosen direction, or on iOS Mobile Warfighter Videogame application. The BCI’s data analytics of a subject’s MEG brain waves and flight visualization performance videogame analytics were stored and analyzed using the Hadoop Ecosystem as a quick retrieval data warehouse. In Phase II portion of the project involves the Emotiv Encephalographic (EEG) Wireless Brain–Computer interfaces (BCIs) allow for people to establish a novel communication channel between the human brain and a machine, in this case, an iOS Mobile Application(s). The EEG BCI utilizes advanced and novel machine learning algorithms, as well as the Spark Directed Acyclic Graph (DAG), Cassandra NoSQL database environment, and also the competitor NoSQL MongoDB database for housing BCI analytics of subject’s response and users’ intent illustrated for both MEG/EEG brainwave signal acquisition. The wireless EEG signals that were acquired from the OpenVibe and the Emotiv EPOC headset can be connected via Bluetooth to an iPhone utilizing a thin Client architecture. The use of NoSQL databases were chosen because of its schema-less architecture and Map Reduce computational paradigm algorithm for housing a user’s brain signals from each referencing sensor. 
Thus, in the near future, if multiple users are playing on an online network connection and an MEG/EEG sensor fails, or if the connection is lost from the smartphone and the webserver due to low battery power or failed data transmission, it will not nullify the NoSQL document-oriented (MongoDB) or column-oriented Cassandra databases. Additionally, NoSQL databases have fast querying and indexing methodologies, which are perfect for online game analytics and technology. In Phase II, we collected data on five MEG subjects, yielding over 90% positive performance on iOS Mobile Applications with Objective-C and C++, however on EEG signals utilized on three subjects with the Emotiv wireless headsets and (n < 10) subjects from the OpenVibe EEG database the Variational Bayesian Factor Analysis Algorithm (VBFA) yielded below 60% performance and we are currently pursuing extending the VBFA algorithm to work in the time-frequency domain referred to as VBFA-TF to enhance EEG performance in the near future. The novel usage of NoSQL databases, Cassandra and MongoDB, were the primary main enhancements of the BCI Phase II MEG/EEG brain signal data acquisition, queries, and rapid analytics, with MapReduce and Spark DAG demonstrating future implications for next generation biometric MEG/EEG NoSQL databases.
49

Gangadhar Puranik, Vishal, Vasudhevan V, Sunil Kumar, Kalpana C, Amutha J, and Ramesh Babu P. "Differential Genetic Algorithm for Auto-Overlay of the Skull and Face and Mandible Articulation." Informing Science: The International Journal of an Emerging Transdiscipline 28 (2025): 011. https://doi.org/10.28945/5431.

Abstract:
Aim/Purpose: This work intends to give a method for the automatic superimposition of facial and cranium anatomical images coupled with integrating jaw movement. Using an automated alignment method will help to raise the accuracy and efficiency of the forensic face reconstruction procedure. Given their reliance on human participation, conventional approaches are prone to subjectivity and errors. Differential Genetic Algorithm (DGA) accounts for mandibular articulation and allows for exact alignment of skull and facial images, therefore reaching strong optimization. Background: Forensic face reconstruction is a crucial field of research for the anthropological sciences and the criminal justice system. Although modern methods offer benefits, their dependability is not always guaranteed since they rely on human interaction. By using a DGA, the proposed approach overcomes this limit and boosts efficiency. Differential evolution and genetic algorithms, which can capture all the special features required for perfect face reconstruction, help to improve the alignment. Methodology: This study aims to enhance the alignment parameters between image graphs of the skull and visage, and it also considers mandibular articulation using a DGA. Genetic operators and differential evolution support the program in efficiently investigating the domain of feasible solutions. Whether the superimposed images properly depict the intended face traits is found rather successfully by means of the fitness function. Contribution: This work offers a suitable solution for progressive forensic facial reconstruction using a technique based on DGA for automated overlay. An improved level of accuracy and realism is shown by comparing the obtained result with other existing approaches and methods on mandibular articulation in the reconstructed facial images. Findings: The proposed DGA has been proven to match images of the face and the cranium exactly by including the articulation of the jaw. 
The automatic overlay shows the possibilities of the forensic techniques since it generates results equal to or better than those acquired by hand. Recommendation for Researchers: Scholars should improve the proposed method by means of more dataset integration and genetic algorithm configuration change. Future Research: In future research, this work can be enhanced using several deep learning algorithms to achieve better accuracy and performance.
50

Miao, Xiaoyang, Hongda Quan, Xiawei Cheng, et al. "Fault Diagnosis of Oil-Immersed Transformers Based on the Improved Neighborhood Rough Set and Deep Belief Network." Electronics 13, no. 1 (2023): 5. http://dx.doi.org/10.3390/electronics13010005.

Abstract:
As one of the essential components in power systems, transformers play a pivotal role in the transmission and distribution of renewable energy generation. Accurate diagnosis of transformer fault types is crucial for maintaining the safety of power systems. The current focus in research lies in transformer fault diagnosis methods based on Dissolved Gas Analysis (DGA). Traditional diagnostic methods directly utilize the five fault gases from DGA data as model input features, but this approach does not comprehensively reflect all potential fault types in transformers. In this paper, a non-coding ratio method was employed to generate 35 fault gas ratios based on the five fault gases, subsequently refined through correlation analysis to eliminate redundant feature variables, resulting in 15 significantly representative fault gas ratios. To further streamline the feature variables and remove non-contributing elements to fault diagnosis, an improved Neighborhood Rough Set (INRS) algorithm was introduced, leveraging symmetrical uncertainty measurement. By resorting to the proposed INRS, eight most representative fault gas ratios were selected as input variables for constructing a Deep Belief Network (DBN) diagnostic model. Experimental results on Dissolved Gas Analysis (DGA) data confirmed the effectiveness and accuracy of the proposed method.