Stealthy Domain Generation Algorithms

Yu Fu; Lu Yu; Oluwakemi Hambolu; Ilker Ozcelik; Benafsh Husain; Jingxuan Sun; Karan Sapra; Dan Du; Christopher Tate Beasley; Richard R. Brooks

首页> 外文期刊>Information Forensics and Security, IEEE Transactions on >Stealthy Domain Generation Algorithms

【24h】

Stealthy Domain Generation Algorithms

机译：隐身域生成算法

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Botnets are groups of compromised computers that botmasters (botherders) use to launch attacks over the Internet. To avoid detection, botnets use DNS fast flux to change the mapping between IP addresses and domain names periodically. Domain generation algorithms (DGAs) are employed to generate a large number of domain names. Detection techniques have been proposed to identify malicious domain names generated by DGAs. Three metrics, Kullback–Leibler (KL) distance, Edit distance (ED), and Jaccard index (JI), are used to detect botnet domains with up to 100% detection rate and 2.5% false-positive rate. In this paper, we propose two DGAs that use hidden Markov models (HMMs) and probabilistic context-free grammars (PCFGs), respectively. Experiment results show that DGA detection metrics (KL, JI, and ED) and detection systems (BotDigger and Pleiades) have difficulty detecting domain names generated using the proposed approaches. Game theory is used to optimize strategies for both botmasters and security personnel. Results show that, to optimize DGA detection, security personnel should use the ED detection technique with probability 0.78 and JI detection with probability 0.22, and botmasters should choose the HMM-based DGA with probability 0.67 and PCFG-based DGA with probability 0.33.

机译：僵尸网络是一群受感染的计算机，僵尸网络管理员（僵尸网络）用来通过Internet发起攻击。为了避免检测，僵尸网络使用DNS快速通量来定期更改IP地址和域名之间的映射。域生成算法（DGA）用于生成大量域名。已经提出了检测技术来识别由DGA生成的恶意域名。 Kullback-Leibler（KL）距离，编辑距离（ED）和Jaccard索引（JI）这三个指标用于检测僵尸网络域，检测率高达100％，假阳性率高达2.5％。在本文中，我们提出了两种分别使用隐马尔可夫模型（HMM）和概率上下文无关文法（PCFG）的DGA。实验结果表明，DGA检测指标（KL，JI和ED）和检测系统（BotDigger和Pleiades）难以检测使用该方法生成的域名。博弈论可用于针对Botmaster和安全人员优化策略。结果表明，为了优化DGA检测，安全人员应使用概率为0.78的ED检测技术和概率为0.22的JI检测，僵尸程序管理员应选择概率为0.67的基于HMM的DGA和概率为0.33的基于PCFG的DGA。

著录项

来源
《Information Forensics and Security, IEEE Transactions on》 |2017年第6期|1430-1443|共14页
作者
Yu Fu; Lu Yu; Oluwakemi Hambolu; Ilker Ozcelik; Benafsh Husain; Jingxuan Sun; Karan Sapra; Dan Du; Christopher Tate Beasley; Richard R. Brooks;
展开▼
作者单位

Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA;

Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA;

Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA;

Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA;

School of Computing, Clemson University, Clemson, SC, USA;

Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA;

Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA;

Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA;

Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA;

Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Hidden Markov models; Measurement; Indexes; Game theory; Security; Probability distribution; Probabilistic logic;

机译：隐马尔可夫模型;测度;指标;博弈论;安全性;概率分布;概率逻辑;

相似文献

外文文献
中文文献
专利

1. Advanced algorithm to detect stealthy cyber attacks on automatic generation control in smart grid [J] . Fatemeh Akbarian, Amin Ramezani, Mohammad-Taghi Hamidi-Beheshti, IET Cyber-Physical Systems: Theory & Applications . 2020,第4期

机译：先进的算法检测智能电网自动生成控制的隐身网络攻击
2. Following Passive DNS Traces to Detect Stealthy Malicious Domains Via Graph Inference [J] . Nabeel Mohamed, Khalil Issa M., Guan Bei, ACM transactions on privacy and security . 2020,第4期

机译：由于被动DNS跟踪通过图推断检测隐身恶意域
3. An algorithm for decomposition of sub-domains and quadrilateral mesh generation with line constraints [J] . X. Ma, G. Zhao, D. Zhang Advances in Engineering Software . 2017,第deca期

机译：具有线约束的子域分解和四边形网格生成算法
4. A stealthy route planning algorithm for the fourth generation fighters [C] . Rong Yang, Yong Ma, Zhangzhi Tao, 2017 International Conference on Mechanical, System and Control Engineering . 2017

机译：第四代战斗机的隐形路线规划算法
5. A Non-Algorithmic File-Type Independent Approach for Finding Stealthy Watermarks in Forensic Investigations [D] . Sabir, Maha Farouk S. 2019

机译：一种非算法文件类型的独立方法，在法医调查中发现隐身水印
6. Continuous and discontinuous domains: an algorithm for the automatic generation of reliable protein domain definitions. [O] . A. S. Siddiqui, G. J. Barton 1995

机译：连续和不连续域：自动生成可靠的蛋白质域定义的算法。
7. Advanced algorithm to detect stealthy cyber attacks on automatic generation control in smart grid [O] . Fatemeh Akbarian, Amin Ramezani, Mohammad‐Taghi Hamidi‐Beheshti, 2020

机译：先进的算法检测智能电网自动生成控制的隐身网络攻击

Stealthy Domain Generation Algorithms

摘要

著录项

相似文献

相关主题

期刊订阅