NIOM-DGA: Nature-inspired optimised ML-based model for DGA detection

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-06-21 DOI:10.1016/j.cose.2025.104561

Daniel Jeremiah , Husnain Rafiq , Vinh Thong Ta , Muhammad Usman , Mohsin Raza , Muhammad Awais

引用次数: 0

Abstract

Domain Generation Algorithms (DGAs) allow malware to evade detection by generating millions of random domains daily for Command-and-Control (C&C) communication, challenging traditional detection methods. This work presents NIOM-DGA, a novel machine learning model that applies nature-inspired algorithms (NIAs) to select an optimal subset of 78 features from a dataset of over 16 million domain names, including several features not traditionally used in DGA detection. This approach enhances accuracy, robustness, and generalisability, achieving up to 98.3% accuracy—outperforming most existing approaches. Further testing on 10 external datasets with over 37 million domains confirms an average classification accuracy of 95.7%. Designed for seamless integration into SIEM, EDR, XDR, and cloud security platforms, NIOM-DGA significantly improves DGA detection compared to existing methods, advancing practical threat detection capabilities.

查看原文本刊更多论文

NIOM-DGA：基于ml的DGA检测模型

域生成算法（DGAs）允许恶意软件通过每天生成数百万个用于命令和控制（C&；C）通信的随机域来逃避检测，挑战传统的检测方法。这项工作提出了NIOM-DGA，这是一种新颖的机器学习模型，它应用自然启发算法（NIAs）从超过1600万个域名的数据集中选择78个特征的最佳子集，其中包括一些传统上未用于DGA检测的特征。这种方法提高了准确性、鲁棒性和通用性，达到了98.3%的准确率，优于大多数现有的方法。在超过3700万个域的10个外部数据集上的进一步测试证实了平均分类准确率为95.7%。NIOM-DGA专为无缝集成到SIEM、EDR、XDR和云安全平台而设计，与现有方法相比，NIOM-DGA显著改进了DGA检测，提高了实际威胁检测能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.