Authors: S. Ajmera, T. Pattanshetti
Venue: 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT)
Publication date: 2020-07-01
DOI: 10.1109/ICCCNT49239.2020.9225357 (https://doi.org/10.1109/ICCCNT49239.2020.9225357)
Citations: 3
A Survey Report on Identifying Different Machine Learning Algorithms in Detecting Domain Generation Algorithms within Enterprise Network
Anomaly detection is done to identify the abnormal patterns that deviate from the majority of data. It is also known as outlier detection. Detection of Domain Generation Algorithms is also a type of anomaly detection. In this paper, we talked about Domain Generation Algorithms (DGA). Malware uses Domain Generation Algorithms to communicate with Command and Control (CnC) servers managed by hackers. As DGAs are generated randomly, it is hard to detect them in real-time using signature-based software. DGA activates for a short time. So threat intelligence software sometimes fails to recognize if the URL is DGA or genuine. In this paper, research is done in machine learning algorithms such as random forest and deep learning techniques such as LSTM and neural networks which will help to detect patterns of DGA. Using the DGA technique, malware starts communicating with this server. As this is a type of advanced persistent threat, this results in intellectual and financial losses of enterprises. The traditional techniques consist of blacklisting malware and URLs. Automatic detection of these DGAs is a crucial task. This imposes an overhead as DGA gets generated in large volumes.