NORMA eResearch @NCI Library

Anomaly Detection-Based Approach for Identifying Domain Generation Algorithm (DGA) Domains in Cybersecurity

Koni, Mahesh (2024) Anomaly Detection-Based Approach for Identifying Domain Generation Algorithm (DGA) Domains in Cybersecurity. Masters thesis, Dublin, National College of Ireland.

PDF (Master of Science), 514kB
PDF (Configuration Manual), 632kB

Abstract

There has been constant innovation in cyber-attack techniques, and Domain Generation Algorithms (DGAs) appear to be one of the most effective ones. DGAs enable malware to create many domain names, making it dynamic, constantly changing, and difficult to tap on the shoulder and tell it to stop. Apart from helping malware evade detection programs, they also help create a random and reliable connection with the C&C servers, making it even harder to detect a botnet connection. Contemporary malicious software perpetually employs DGAs in an effort to prevent its C&C domains or IPs from being seized, where affected systems try to connect with as many domains as possible until a connection with the C&C server is established. Therefore, detecting DGA domains is another important factor which can be automatically solved to prevent sending malicious traffic and define compromised hosts. However, many simple DGAs create domain names that appear like English words, thus making it easy for a manual check to be overwhelmed. To this end, we integrate different domain features to improve the identification of suspicious domain names. Domain parameters: length, presence of numbers, entropy. Features like length of domain names, the ratio of unique characters, including numeric characters, and entropy give indications of Domain Generation Algorithm behavior. Subsequently, these features are used to train machine learning models for domain categorization, as legitimate or generated by DGA. Feature engineering and high-level skilled machine learning techniques will enable an effective and efficient way of differentiating DGA-generated domains accurately and efficiently.

Item Type: Thesis (Masters)
Supervisors: Hafeez, Khadija (Email: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Algebra > Algorithms > Computer algorithms
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Q Science > Q Science (General) > Self-organizing systems. Conscious automata > Machine learning
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 23 Jul 2025 14:36
Last Modified: 23 Jul 2025 14:36
URI: https://norma.ncirl.ie/id/eprint/8220
