Machine Learning

Machine Learning for DGA Detection

Botnets are arguably one of the biggest threats online at present. To control networks infected by malware, command-and-control (C&C) servers communicate with bots via an IP address or domain known only to them. However, if a dedicated domain, or a set of domains, is used for this communication, it can be easily detected and blacklisted.

Domain Generation Algorithms (DGAs) are a technique used by modern botnets to avoid blacklisting and sinkholing. A DGA periodically generates a large number of domain names to connect to. A new list can be generated every day, and a few of those domains are registered and activated for communication between the bots and the C&C servers. Since there is an infinite number of different algorithms, it is impossible to generate a finite list of domains to blacklist, which makes detecting communication between bots and C&C extremely difficult.
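Because a list of names cannot be enumerated, a detector has to score each queried name instead. The sketch below is an added example, not code from the original article: it trains a character-bigram model on benign labels and flags names whose letter sequences are unlikely. The page does not name a model, so the bigram approach, the training labels, the threshold and all function names are assumptions made for illustration.

```python
import math
from collections import Counter

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-"  # characters allowed in a hostname label

# Constructed benign-looking labels: a toy training set, not real traffic.
BENIGN_LABELS = [
    "weather", "mailserver", "library", "university", "photos", "travel",
    "banking", "newsroom", "support", "download", "payments", "calendar",
    "recipes", "shopping", "football", "hospital",
]
THRESHOLD = -3.4  # assumed cut-off, chosen for this toy training set

def train(labels):
    """Count character bigrams and how often each character starts one."""
    bigrams, contexts = Counter(), Counter()
    for label in labels:
        for a, b in zip(label, label[1:]):
            bigrams[a + b] += 1
            contexts[a] += 1
    return bigrams, contexts

def score(label, model):
    """Mean log-probability per character transition, add-one smoothed."""
    bigrams, contexts = model
    pairs = list(zip(label, label[1:]))
    if not pairs:
        return 0.0  # a single character has no transitions to judge
    logp = [math.log((bigrams[a + b] + 1) / (contexts[a] + len(ALPHABET)))
            for a, b in pairs]
    return sum(logp) / len(logp)

def second_level_label(domain):
    """Naive extraction: the label left of the TLD (no public-suffix list)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def looks_generated(domain, model, threshold=THRESHOLD):
    """Flag names whose letter sequences the benign model finds unlikely."""
    return score(second_level_label(domain), model) < threshold

MODEL = train(BENIGN_LABELS)

if __name__ == "__main__":
    # Constructed queries: two benign-style names, two random-looking ones.
    for name in ["portal.example", "www.weather.example",
                 "xqzkvjwqpf.example", "k3j9x2q7vz.example"]:
        print(f"{name:24} {score(second_level_label(name), MODEL):7.3f} "
              f"{'SUSPECT' if looks_generated(name, MODEL) else 'ok'}")
```

A production detector would train on a large corpus of observed benign domains and tune the threshold against labelled DGA samples; with sixteen training labels, this model will misjudge many legitimate names.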
