DGA-based botnet detection toward imbalanced multiclass learning
Authors
Abstract
Botnets based on the Domain Generation Algorithm (DGA) mechanism pose great challenges to the main current detection methods because of their strong concealment and robustness. However, the complexity of DGA families and the imbalance of samples continue to impede research on detection. In existing work, the sample size of each family is regarded as the most important determinant of the resampling proportion; thus, differences in the characteristics of the various families are ignored, and the optimal effect is not achieved. In this paper, a Long Short-Term Memory-based Property and Quantity Dependent Optimization (LSTM.PQDO) method is proposed. This method takes advantage of LSTM to automatically mine the comprehensive features of domain names. It iterates the resampling proportion with the solution, in consideration of the original number, to heuristically search for a better solution around the initial solution in the right direction; thus, dynamic optimization is realized. The experimental results show that LSTM.PQDO can achieve better performance compared with existing models and overcome the difficulties of unbalanced datasets; moreover, it can function as a reference for tasks in similar scenarios.
Similar resources
DGA-Based Botnet Detection Using DNS Traffic
In recent years, an increasing number of botnets use Domain Generation Algorithms (DGAs) to bypass botnet detection systems. DGAs, also referred as “domain fluxing”, has been used since 2004 for botnet controllers, and now become an emerging trend for malware. It can dynamically and frequently generate a large number of random domain names which are used to prevent security systems from detecti...
Phoenix: DGA-Based Botnet Tracking and Intelligence
Modern botnets rely on domain-generation algorithms (DGAs) to build resilient command-and-control infrastructures. Given the prevalence of this mechanism, recent work has focused on the analysis of DNS traffic to recognize botnets based on their DGAs. While previous work has concentrated on detection, we focus on supporting intelligence operations. We propose Phoenix, a mechanism that, in addit...
DGA Detection Using Machine Learning Methods
A botnet is a network of private computers infected with malicious software and controlled as a group without the knowledge of the owners. Botnets are used by cyber criminals for various malicious activities such as stealing sensitive data, sending spam, launching Distributed Denial of Service (DDoS) attacks, etc. A Command and Control (C&C) server sends commands to the compromised hosts for ex...
Co-Multistage of Multiple Classifiers for Imbalanced Multiclass Learning
In this work, we propose two stochastic architectural models (CMC and CMC-M ) with two layers of classifiers applicable to datasets with one and multiple skewed classes. This distinction becomes important when the datasets have a large number of classes. Therefore, we present a novel solution to imbalanced multiclass learning with several skewed majority classes, which improves minority classes...
MBotCS: A Mobile Botnet Detection System Based on Machine Learning
As the use of mobile devices spreads dramatically, hackers have started making use of mobile botnets to steal user information or perform other malicious attacks. To address this problem, in this paper we propose a mobile botnet detection system, called MBotCS. MBotCS can detect mobile device traffic indicative of the presence of a mobile botnet based on prior training using machine learning te...
Journal
Journal title: Tsinghua Science & Technology
Year: 2021
ISSN: 1878-7606, 1007-0214
DOI: https://doi.org/10.26599/tst.2020.9010021