Academic Journal of Computing & Information Science, 2020, 3(4); doi: 10.25236/AJCIS.2020.030404.

A Ensemble Learning method for Domain Generation Algorithm Detection

Author(s)

Yihang Zhang

Corresponding Author:
Yihang Zhang
Affiliation(s)

Zhengzhou Foreign Language School, Zhengzhou 450001, Henan, China

Abstract

A botnet is a one-to-many control network between a master and its infected hosts, which are used to carry out malicious activities such as DDoS attacks, mining, and sending spam. Attackers used to rely on hard-coded domain names to maintain the connections between bots and the C&C (command and control) server. However, because hard-coded domains are easy to block, attackers now tend to rotate through large numbers of algorithmically generated domains (DGA domains) to improve their flexibility and bypass blacklists. To solve this problem, we propose an automated DGA detection system based on machine learning methods. We extract 12 features to represent the differences in character distributions between legitimate and DGA domains. To improve detection performance and versatility, we also apply ensemble learning methods to the DGA classifier. Experiments on public datasets show that the XGBoost-based classifier surpasses all the other methods in both accuracy and efficiency.
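The following is an added illustration of character-distribution feature extraction, not the paper's code. The abstract does not list its 12 features, so the six below are commonly used ones chosen as assumptions, and both sample domains are constructed; the resulting fixed-order vectors are the kind of input a tree-ensemble classifier such as XGBoost would be trained on.

```python
import math
from collections import Counter

VOWELS = set("aeiou")
# Assumed feature set (the page does not name the paper's 12 features).
FEATURE_ORDER = ["length", "entropy", "digit_ratio", "vowel_ratio",
                 "unique_ratio", "max_consonant_run"]

def scored_label(domain):
    """Label to score. Assumption: input is 'name.tld', no public-suffix handling."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def shannon_entropy(s):
    """Shannon entropy (bits per character) of the character distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def max_consonant_run(s):
    """Longest run of consecutive consonant letters; digits and vowels reset it."""
    best = run = 0
    for ch in s:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best

def extract_features(domain):
    s = scored_label(domain)
    n = len(s) or 1  # avoid division by zero on an empty label
    return {
        "length": len(s),
        "entropy": shannon_entropy(s),
        "digit_ratio": sum(ch.isdigit() for ch in s) / n,
        "vowel_ratio": sum(ch in VOWELS for ch in s) / n,
        "unique_ratio": len(set(s)) / n,
        "max_consonant_run": max_consonant_run(s),
    }

def to_vector(domain):
    """Fixed-order numeric row, ready to stack into a training matrix."""
    feats = extract_features(domain)
    return [feats[name] for name in FEATURE_ORDER]

if __name__ == "__main__":
    # Constructed samples: one dictionary-like name, one random-looking name.
    for d in ("wikipedia.org", "xk7q2vbn9zr4tplw.net"):
        print(d, to_vector(d))
```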

Keywords

DGA detection, Machine Learning, Ensemble Learning

Cite This Paper

10.25236/AJCIS.2020.030404

References

Yihang Zhang. A Ensemble Learning method for Domain Generation Algorithm Detection. Academic Journal of Computing & Information Science (2020), Vol. 3, Issue 4: 31-40. https://doi.org/10.25236/AJCIS.2020.030404.