An Approach for Identifying Malicious Domain Names Generated by Dictionary-Based DGA Bots

Akihiro SATOH, Yutaka NAKAMURA, Yutaka FUKUDA, Daiki NOBAYASHI, Takeshi IKENAGA

Publication
IEICE TRANSACTIONS on Information and Systems, Vol.E104-D, No.5, pp.669-672
Publication Date: 2021/05/01
Publicized: 2021/02/17
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2020NTL0001
Type of Manuscript: Special Section LETTER (Special Section on the Architectures, Protocols, and Applications for the Future Internet)
Category: 
Keyword: DGA bot, dictionary-based domain generation algorithm, domain name, network security

Summary: 
Computer networks are facing serious threats from the emergence of sophisticated new DGA bots. These DGA bots have their own dictionary, from which they concatenate words to dynamically generate domain names that are difficult to distinguish from human-generated domain names. In this letter, we propose an approach for identifying the callback communications of DGA bots based on relations among the words that constitute the character string of each domain name. Our evaluation indicates high performance, with a recall of 0.9977 and a precision of 0.9869.