Detecting DGA Botnet based on Malware Behavior Analysis.
SoICT(2022)
Abstract
DGA botnet uses the Domain Generation Algorithm to generate domains that are used to establish the connection between malware bots and malicious actors. It has become a serious threat to internet-connected systems. Detection of DGA botnets is a challenging task due to its complexity and performance issues when processing a great amount of data from real-time large-scale networks. In this paper, we propose and develop a DGA botnet detection method using the combination of the Long Short-Term Memory network (LSTM) and network traffic analysis. We also propose a set of rules that can be used for detecting various DGA malware behaviors. Our method recognizes even hard-to-detect dictionary DGAs such as suppobox and matsnu, while providing an F1-score of 0.9888.