Domain generated algorithms detection applying a combination of a deep feature selection and traditional machine learning models

Abstract

The use of command and control (C2) servers in cyberattacks has risen considerably, attackers frequently employ the domain generated algorithm (DGA) technique to conceal their C2 servers. Various machine learning models have been suggested for binary identification of domain names as either benign or DGA domain. The Existing techniques are inefficient and have real-time detection issues and are also very data hypersensitive, therefore, they can be circumvented by the attackers. The main problem this article addresses is how to automatically detect DGA in a way that does not rely solely on reverse engineering, not strongly affected by data size, and allows detection of this DGA in real time. This paper presents DTFS-DGA model that combine neural networks models with traditional machine learning models and maintains its performance even if the data size changes to detect DGA in real time. The model uses 15 linguistics and networks features with the features extracted by long short-term memory and convolutional neural network to classify domain names using random forest and support vector machines. The comprehensive experimental findings confirm the suggested model’s accuracy. To be precise, the model achieve an average accuracy of 99.8 % for the classification.