Finding domain-generation algorithms by looking at length distribution

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Original language: English
Title of host publication: Proceedings - IEEE 25th International Symposium on Software Reliability Engineering Workshops, ISSREW 2014
Publisher or commissioning body: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 395-400
Number of pages: 6
ISBN (Electronic): 9781479973774
Date: Published - 3 Nov 2014
Event: 25th IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2014 - Naples, Italy
Duration: 3 Nov 2014 to 6 Nov 2014

Conference

Conference: 25th IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2014
Country: Italy
City: Naples
Period: 3/11/14 to 6/11/14

Abstract

In order to detect malware that uses domain fluxing to circumvent blacklisting, it is useful to be able to discover new domain-generation algorithms (DGAs) that are being used to generate algorithmically-generated domains (AGDs). This paper presents a procedure for discovering DGAs from Domain Name Service (DNS) query data. It works by identifying client IP addresses with an unusual distribution of second-level string lengths in the domain names that they query. Running this fairly simple procedure on 5 days' data from a large enterprise network uncovered 19 different DGAs, nine of which have not been identified as previously-known. Samples and statistical information about the DGA domains are given.
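The idea in the abstract, profiling each client by the lengths of the second-level labels it queries, can be sketched as follows. This is an added example, not the paper's code: the abstract does not name the statistic used, so the Jensen-Shannon divergence, the leave-one-out baseline, the `threshold` and `min_names` values and the sample queries are all assumptions made here.

```python
import hashlib
import math
from collections import Counter, defaultdict

def sld_length(qname):
    """Length of the second-level label. Assumption: the label left of the TLD;
    a public-suffix list is needed for names such as example.co.uk."""
    labels = qname.rstrip(".").lower().split(".")
    return len(labels[-2]) if len(labels) >= 2 else None

def js_divergence(p, q):
    """Jensen-Shannon divergence in bits (0 = identical, 1 = disjoint)."""
    n_p, n_q = sum(p.values()), sum(q.values())
    total = 0.0
    for k in set(p) | set(q):
        a, b = p[k] / n_p, q[k] / n_q
        m = (a + b) / 2
        total += sum(x * math.log2(x / m) for x in (a, b) if x > 0) / 2
    return total

def flag_clients(queries, threshold=0.5, min_names=8):
    """Map each client whose length histogram diverges from everyone else's to its score."""
    names = defaultdict(set)
    for client, qname in queries:
        names[client].add(qname.rstrip(".").lower())  # distinct names; retries add no weight
    hists = {}
    for client, qnames in names.items():
        lengths = [n for n in map(sld_length, qnames) if n is not None]
        if len(lengths) >= min_names:  # too few names gives a meaningless histogram
            hists[client] = Counter(lengths)
    everyone = sum(hists.values(), Counter())
    flagged = {}
    for client, hist in hists.items():
        others = everyone - hist  # leave-one-out: a noisy client must not set its own baseline
        if others and js_divergence(hist, others) > threshold:
            flagged[client] = js_divergence(hist, others)
    return flagged

# Constructed sample data (not from the paper): three ordinary clients and one
# client that mostly queries fixed-length, random-looking names.
WORDS = ["mail", "news", "shop", "docs", "portal", "travel", "example",
         "weather", "banking", "intranet"]
SAMPLE = [(ip, f"www.{w}.example") for ip in ("10.0.0.1", "10.0.0.2", "10.0.0.3") for w in WORDS]
SAMPLE += [("10.0.0.9", hashlib.sha256(str(i).encode()).hexdigest()[:16] + ".example")
           for i in range(12)]
SAMPLE += [("10.0.0.9", "www.mail.example"), ("10.0.0.9", "www.docs.example")]

if __name__ == "__main__":
    print(flag_clients(SAMPLE))
```

A flagged client is only a lead for analyst review: software that legitimately queries many fixed-length machine-generated names would score the same way.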

Research areas

AGD, Big data, Botnet, DGA, Domain generation algorithm, Domain name service
