Exploring and comparing various machine and deep learning technique algorithms to detect domain generation algorithms of malicious variants

Abstract

Domain generation algorithm (DGA) is used as the main source of script in different groups of malwares, which generates the domain names of points and will further be used for command-and-control servers. The security measures usually identify the malware but the domain name algorithms will be updating themselves in order to avoid the less efficient older security detection methods. The reason being the older detection methods does not use either the machine learning or deep learning algorithms to detect the DGAs. Thus, the impact of incorporating the machine learning and deep learning techniques to detect the DGA is well discussed. As a result, they can create a huge number of domains to avoid debar and henceforth, block the hackers and zombie systems with the older methods itself. The main purpose of this research work is to compare and analyse by implementing various machine learning algorithms that suits the respective dataset yielding better results. In this research paper, the obtained dataset is pre-processed and the respective data is processed by different machine learning algorithms such as random forest (RF), support vector machine (SVM), Naive Bayes classifier, H20 AutoML, convolutional neural network (CNN), long short-term memory neural network (LSTM) for the classification. It is observed and understood that the LSTM provides a better classification efficiency of 98% and the H20 AutoML method giving the least efficiency of 75%.