Abstract
DGA botnet detection has recently attracted researchers worldwide because these botnets spread quickly and are highly sophisticated. A number of approaches have been proposed that use statistics and machine learning to detect DGA botnets by classifying domain names as botnet-generated or legitimate. This paper extends the machine learning-based detection model proposed in [7] by adding new classification features, in order to improve detection accuracy and to minimize the false alarm rates. Extensive experiments confirm that our enhanced detection model outperforms the original model [7] and some other previous models. The proposed model's overall detection accuracy and F1-score are both 97.03%.
References
Spamhaus Botnet Threat Report 2019. https://www.spamhaus.org/news/article/793/spamhaus-botnet-threat-report-2019. Accessed 19 Aug 2020
Kaspersky Lab - Bots and Botnets in 2018. https://securelist.com/bots-and-botnets-in-2018/90091/. Accessed 19 Aug 2020
Radware Blog - More Destructive Botnets and Attack Vectors Are on Their Way. https://blog.radware.com/security/botnets/2019/10/scan-exploit-control/. Accessed 19 Aug 2020
The Business Journal. https://www.bizjournals.com/sanjose/stories/2010/08/23/daily29.html. Accessed 19 Aug 2020
Alieyan, K., Almomani, A., Manasrah, A., Kadhum, M.M.: A survey of botnet detection based on DNS. Nat. Comput. Appl. Forum 28, 1541–1558 (2017)
Li, X., Wang, J., Zhang, X.: Botnet detection technology based on DNS. J. Future Internet 9, 55 (2017)
Hoang, X.D., Nguyen, Q.C.: Botnet detection based on machine learning techniques using DNS query data. J. Future Internet 10, 43 (2018). https://doi.org/10.3390/fi10050043
Truong, D.T., Cheng, G.: Detecting domain-flux botnet based on DNS traffic features in managed network. Secur. Commun. Netw. 9, 2338–2347 (2016)
Qiao, Y., Zhang, B., Zhang, W., Sangaiah, A.K., Wu, H.: DGA domain name classification method based on long short-term memory with attention mechanism. Appl. Sci. 9, 4205 (2019). https://doi.org/10.3390/app9204205
Zhao, H., Chang, Z., Bao, G., Zeng, X.: Malicious domain names detection algorithm based on N-gram. J. Comput. Netw. Commun. 2019 (2019). https://doi.org/10.1155/2019/4612474
DN Pedia – Top Alexa one million domains. https://dnpedia.com/tlds/topm.php. Accessed 03 Aug 2020
Netlab 360 – DGA Families. https://data.netlab.360.com/dga/. Accessed 10 Aug 2020
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Hoang, X.D., Vu, X.H. (2021). An Enhanced Model for DGA Botnet Detection Using Supervised Machine Learning. In: Tran, DT., Jeon, G., Nguyen, T.D.L., Lu, J., Xuan, TD. (eds) Intelligent Systems and Networks. ICISN 2021. Lecture Notes in Networks and Systems, vol 243. Springer, Singapore. https://doi.org/10.1007/978-981-16-2094-2_6
DOI: https://doi.org/10.1007/978-981-16-2094-2_6
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-2093-5
Online ISBN: 978-981-16-2094-2
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)