Convolutional, adversarial and random forest-based DGA detection: Comparative study for DGA detection with different machine learning algorithms
2021 (English) Independent thesis Basic level (degree of Bachelor), 20 credits / 30 HE credits
Student thesis
Abstract [en]
Malware is becoming more intelligent as static methods for blocking communication with Command and Control (C&C) servers are becoming obsolete. Domain Generation Algorithms (DGAs) are a common evasion technique that generates pseudo-random domain names to communicate with C&C servers in a way that is difficult to detect using handcrafted methods. Trying to detect DGAs by looking at the domain name is a broad and efficient approach to detecting malware-infected hosts. This gives us the possibility of detecting a wider assortment of malware compared to other techniques, even without knowledge of the malware’s existence. Our study compared the effectiveness of three different machine learning classifiers, Convolutional Neural Network (CNN), Generative Adversarial Network (GAN) and Random Forest (RF), at recognizing patterns and identifying these pseudo-random domains.
The results indicate that CNN differed significantly from GAN and RF. It achieved 97.46% accuracy in the final evaluation, while RF achieved 93.89% and GAN achieved 60.39%. In the future, network traffic (efficiency) could be a key component to examine, as productivity may be harmed if the network is overburdened by domain identification using machine learning algorithms.
Place, publisher, year, edition, pages
2021. , p. 52, xi
Keywords [en]
Domain generation algorithm, machine learning, neural networks, GAN, random forest, CNN
HSV category
Identifiers
URN: urn:nbn:se:his:diva-20103
OAI: oai:DiVA.org:his-20103
DiVA, id: diva2:1576371
Subject / course
Information technology
Educational program
Computer Science - Specialization in Systems Development
Supervisor
Examiner
2021-06-30 2021-06-30 2025-09-29 Bibliographically approved