Abstract

Botnets are starting to use domain generation algorithms (DGAs) extensively to enhance the stealth of command and control (C&C) communications between C&C servers and bots. Domains generated by DGAs are called algorithmically generated domains (AGDs), which are also known as malicious domains. Detection of AGDs is a crucial element in fighting botnets, and security researchers have proposed a variety of DGA detection methods. To evade these detectors, the various types of DGAs are continuously updated. Among them, the dictionary-based malicious domain, with its strong camouflage, is the most advanced representative of DGAs, and previous detection methods are very ineffective on this type of malicious domain. To solve this problem, we explore the dictionary-based malicious domain generation algorithm and propose AGDB, a dictionary-based malicious domain detection method based on representation fusion, which combines features extracted from the context-based malicious domain detection model with features extracted from the graph-based malicious domain detection model. The experimental results show that the detection method based on representation fusion significantly outperforms the existing methods in terms of precision and recall.
