Abstract: In recent years, a lot of malware has started to use domain generation algorithms (DGAs) to communicate with command-and-control (C&C) servers. These algorithms generate a large number of domains, but only a small portion of them are actually used in C&C communication. Over the years, numerous ways of detecting these kinds of domains have been tested. The approaches based on machine learning have become very popular and successful. In this thesis we look at different types of DGAs and how to detect them, and provide a comparison and evaluation of five supervised machine learning algorithms for DGA domain classification using multiple sets of features. During our tests we found that decision tree-based algorithms perform best. We have also analyzed hard-to-detect DGAs and the domains they generate.
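A worked illustration of the feature-based, decision-tree classification the abstract describes, added here and not taken from the thesis: it computes a handful of lexical features (label length, character entropy, vowel and digit ratios, longest consonant run) for the registrable label of each domain, then fits a depth-1 decision tree (a single information-gain split) on a small constructed, labelled sample. The feature set, the sample domains and the stand-alone stump used in place of a full tree library are assumptions of this example, not the thesis's feature sets or evaluation data.

```python
"""Lexical features plus a one-split decision tree for DGA-domain classification.

Added illustration, not code from the thesis. The feature set and the small
labelled sample below are assumptions constructed for this example.
"""
import math
from collections import Counter

VOWELS = set("aeiou")

# Constructed sample: (domain, label) with 1 = DGA-like, 0 = benign-looking.
SAMPLES = [
    ("google.com", 0), ("wikipedia.org", 0), ("github.com", 0),
    ("example.net", 0), ("university.edu", 0), ("weather.com", 0),
    ("xkq7vbz2mnp.com", 1), ("a8f3k2lq9zt.net", 1), ("qwzxjvkphbtm.org", 1),
    ("p0w3r7x9vkq.biz", 1), ("zzxqvbnmkl.info", 1), ("h4j8k2m9v1x.com", 1),
]


def second_level_label(domain):
    """Label left of the suffix. Naive: treats the last label as the TLD, so
    'a.co.uk' yields 'co'; a real pipeline would use a public-suffix list."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Bits per character; random DGA strings score higher than dictionary words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def extract_features(domain):
    """Cheap lexical features of the registrable label (assumed feature set)."""
    label = second_level_label(domain)
    n = len(label) or 1  # avoid division by zero on an empty label
    vowels = sum(ch in VOWELS for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    run = longest = 0  # longest run of consecutive consonants
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return {
        "length": len(label),
        # rounded so that labels with identical character distributions tie exactly
        "entropy": round(shannon_entropy(label), 6),
        "vowel_ratio": vowels / n,
        "digit_ratio": digits / n,
        "max_consonant_run": longest,
    }


def label_entropy(labels):
    """Entropy of a class-label list, used for information gain."""
    n = len(labels)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def majority(labels):
    return Counter(labels).most_common(1)[0][0] if labels else 0


def train_stump(rows):
    """Pick the (feature, threshold) split with the highest information gain:
    a depth-1 decision tree. Returns (gain, feature, threshold, left, right),
    where left/right is the class predicted for value <= / > threshold."""
    base = label_entropy([y for _, y in rows])
    best = None
    for feat in rows[0][0]:
        values = sorted({f[feat] for f, _ in rows})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2  # candidate threshold between adjacent values
            left = [y for f, y in rows if f[feat] <= thr]
            right = [y for f, y in rows if f[feat] > thr]
            gain = base - (len(left) * label_entropy(left)
                           + len(right) * label_entropy(right)) / len(rows)
            if best is None or gain > best[0]:
                best = (gain, feat, thr, majority(left), majority(right))
    return best


def predict(stump, domain):
    _, feat, thr, left, right = stump
    return left if extract_features(domain)[feat] <= thr else right


def train_on_samples():
    return train_stump([(extract_features(d), y) for d, y in SAMPLES])


if __name__ == "__main__":
    stump = train_on_samples()
    print("split on %s <= %.3f (gain %.3f)" % (stump[1], stump[2], stump[0]))
    for d in ["facebook.com", "k9zxq4vbn7m.com", "youtube.com"]:
        print(d, "->", "DGA" if predict(stump, d) else "benign")
```

Running it prints the chosen split and classifies three unseen domains. A lexical-only model like this is at best a first filter: word-list DGAs and short random labels can land on either side of a single vowel-ratio split, which is one reason to evaluate several feature sets and several algorithms rather than one, as the thesis does.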