7 Short Links of Dictionary DGA Detection

Image from paper: “Dictionary Extraction and Detection of Algorithmically Generated Domain Names in Passive DNS Traffic”, referenced below.

In this short blog, I share seven papers that focus on detecting Dictionary Domain Generation Algorithm (DGA) domains, a.k.a. word-based DGAs. Dictionary DGAs are algorithms seen in various malware families (suppobox, matsnu, gozi, rovnix, etc.) that periodically generate a large number of domain names by pseudo-randomly concatenating words from a dictionary. These domains may appear legitimate at first glance and are often able to evade blacklisting as well as traditional DGA detections based on entropy or counts of consonants vs. vowels. Below is a small sample of rovnix domains from Unit42’s blog post.

  • kingwhichtotallyadminis[.]biz
  • thareplunjudiciary[.]net
  • townsunalienable[.]net
  • taxeslawsmockhigh[.]net
  • transientperfidythe[.]biz
  • inhabitantslaindourmock[.]cn
  • thworldthesuffer[.]biz
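To make the evasion point concrete, the sketch below (an added example, not code from the referenced papers or from Unit42) computes the character-level features mentioned above next to a dictionary-coverage feature obtained by segmenting the label into words. The wordlist, thresholds and function names are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Constructed mini-dictionary (assumption); a real detector would use a large
# wordlist or one extracted from observed traffic.
WORDS = {"king", "which", "totally", "taxes", "laws", "mock", "high",
         "transient", "perfidy", "the", "towns", "unalienable",
         "inhabitants", "lain", "our", "world", "suffer", "judiciary"}

def shannon_entropy(label):
    """Character entropy in bits, the classic random-DGA feature."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def vowel_ratio(label):
    return sum(ch in "aeiou" for ch in label) / len(label)

def segment(label, words=WORDS, min_len=3, max_len=20):
    """Dynamic programming: maximise characters covered by dictionary words.
    Returns (coverage fraction, list of words found)."""
    best = [(0, [])]  # best[i] = (covered chars, words) for label[:i]
    for i in range(1, len(label) + 1):
        cand = best[i - 1]  # option: leave character i-1 uncovered
        for j in range(max(0, i - max_len), i - min_len + 1):
            if label[j:i] in words and best[j][0] + (i - j) > cand[0]:
                cand = (best[j][0] + (i - j), best[j][1] + [label[j:i]])
        best.append(cand)
    covered, found = best[-1]
    return covered / len(label), found

def looks_word_based(domain, min_cov=0.6, min_words=2):
    """Hypothetical rule: most of the label is covered by two or more words."""
    label = domain.replace("[.]", ".").split(".")[0].lower()
    cov, found = segment(label)
    return cov >= min_cov and len(found) >= min_words

if __name__ == "__main__":
    samples = ["kingwhichtotallyadminis[.]biz", "taxeslawsmockhigh[.]net",
               "thworldthesuffer[.]biz", "thareplunjudiciary[.]net",
               "xkqjzvbnwp.example"]  # last entry is a constructed random label
    for d in samples:
        label = d.replace("[.]", ".").split(".")[0]
        cov, found = segment(label)
        print(f"{d:32} H={shannon_entropy(label):.2f} "
              f"vowels={vowel_ratio(label):.2f} cov={cov:.2f} {found} "
              f"flag={looks_word_based(d)}")
```

Labels built from truncated words (such as `thareplunjudiciary`) score low on coverage with this small wordlist, and legitimate names made of real words score high, so coverage is a feature to combine with other signals rather than a verdict.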

Papers:

In a previous post, I also shared details on several models that can effectively detect dictionary DGA domains. Please see Auxiliary Loss Optimization for Hypothesis Augmentation for DGA Domain Detection.

Lastly, if you’re interested in discovering more interesting papers like these, use the method I outlined here.

–Jason
@jason_trost

The “short links” format was inspired by O’Reilly’s Four Short Links series.

Interests: Network security, Digital Forensics, Machine Learning, Big Data. retweets are not endorsements.

Jason Trost