Koni, Mahesh (2024) Anomaly Detection-Based Approach for Identifying Domain Generation Algorithm (DGA) Domains in Cybersecurity. Masters thesis, Dublin, National College of Ireland.
Abstract
There has been constant innovation in cyber-attack techniques, and Domain Generation Algorithms (DGAs) appear to be one of the most effective ones. DGAs enable malware to create many domain names, making it dynamic, constantly changing, and difficult to tap on the shoulder and tell it to stop. Apart from helping malware evade detection programs, it also helps create a random and reliable connection with the C&C servers, making it even harder to detect a botnet connection. Contemporary malicious software perpetually employs DGAs in an effort to prevent its C&C domains or IPs from being seized, where affected systems try to connect with as many domains as possible until a connection with the C&C server is established. Therefore, detecting DGA domains is another important factor which can be automatically solved to prevent sending malicious traffic and define compromised hosts. However, many simple DGAs create domain names that appear like English words, thus making it easy for a manual check to be overwhelmed. To this end, we integrate different domain features to improve the identification of suspicious domain names. Domain parameters: length, presence of numbers, entropy. Features like the length of domain names, the ratio of unique characters, including numeric characters, and entropy give indications of Domain Generation Algorithm behavior. Subsequently, these features are used to train machine learning models for domain categorization, as legitimate or generated by DGA. Feature engineering and high-level skilled machine learning techniques will enable an effective and efficient way of differentiating DGA-generated domains accurately and efficiently.
Item Type: | Thesis (Masters) |
---|---|
Supervisors: | Hafeez, Khadija (email: UNSPECIFIED) |
Subjects: | Q Science > QA Mathematics > Electronic computers. Computer science; T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science; Q Science > QA Mathematics > Algebra > Algorithms > Computer algorithms; Q Science > QA Mathematics > Computer software > Computer Security; T Technology > T Technology (General) > Information Technology > Computer software > Computer Security; Q Science > Q Science (General) > Self-organizing systems. Conscious automata > Machine learning |
Divisions: | School of Computing > Master of Science in Cyber Security |
Depositing User: | Ciara O'Brien |
Date Deposited: | 23 Jul 2025 14:36 |
Last Modified: | 23 Jul 2025 14:36 |
URI: | https://norma.ncirl.ie/id/eprint/8220 |