Author
Listed:
- Cheng Yang
(College of Information and Cyber Security, People’s Public Security University of China, Beijing 100038, China)
- Tianliang Lu
(College of Information and Cyber Security, People’s Public Security University of China, Beijing 100038, China)
- Shangyi Yan
(College of Information and Cyber Security, People’s Public Security University of China, Beijing 100038, China)
- Jianling Zhang
(College of Information and Cyber Security, People’s Public Security University of China, Beijing 100038, China)
- Xingzhan Yu
(College of Information and Cyber Security, People’s Public Security University of China, Beijing 100038, China)
Abstract
Domain name generation algorithms are widely used in malware, such as botnet binaries, to generate large sequences of domain names of which some are registered by cybercriminals. Accurate detection of malicious domains can effectively defend against cyber attacks. The detection of such malicious domain names by the use of traditional machine learning algorithms has been explored by many researchers, but still is not perfect. To further improve on this, we propose a novel parallel detection model named N-Trans that is based on the N-gram algorithm with the Transformer model. First, we add flag bits to the first and last positions of the domain name for the parallel combination of the N-gram algorithm and Transformer framework to detect a domain name. The model can effectively extract the letter combination features and capture the position features of letters in the domain name. It can capture features such as the first and last letters in the domain name and the position relationship between letters. In addition, it can accurately distinguish between legitimate and malicious domain names. In the experiment, the dataset is the legal domain name of Alexa and the malicious domain name collected by the 360 Security Lab. The experimental results show that the parallel detection model based on N-gram and Transformer achieves 96.97% accuracy for DGA malicious domain name detection. It can effectively and accurately identify malicious domain names and outperforms the mainstream malicious domain name detection algorithms.
Suggested Citation
Cheng Yang & Tianliang Lu & Shangyi Yan & Jianling Zhang & Xingzhan Yu, 2022.
"N-Trans: Parallel Detection Algorithm for DGA Domain Names,"
Future Internet, MDPI, vol. 14(7), pages 1-15, July.
Handle:
RePEc:gam:jftint:v:14:y:2022:i:7:p:209-:d:861976
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:14:y:2022:i:7:p:209-:d:861976. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.
Printed from https://ideas.repec.org/a/gam/jftint/v14y2022i7p209-d861976.html
