{"title":"A dictionary-based method for detecting machine-generated domains","authors":"Tianyu Wang, Li-Chiou Chen, Y. Genc","doi":"10.1080/19393555.2020.1834650","DOIUrl":null,"url":null,"PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Security Journal: A Global Perspective","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/19393555.2020.1834650","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A dictionary-based method for detecting machine-generated domains
ABSTRACT Internet robots, also known as bots, have brought convenience that has transformed business and society. However, these interactions can take place under adversarial circumstances, with detrimental effects on network security. Bots that use domain-generation algorithms (DGAs) can generate many random domains dynamically, so static domain blacklists become ineffective in preventing malicious attacks by botnets. Various families of recent botnets have used DGAs to establish communication with the bots. Researchers have introduced various detection methods with moderate success. Methods proposed so far either detect only DGAs that use non-variation forms or focus on classification accuracy instead of time complexity, which would be critical in real-world production. The goal of this article is to explore how machine learning can help in detecting machine-generated domain names. To that end, we propose a dictionary-based n-gram method that can detect 39 DGA variations. We compared our method with existing research and found that it can improve the performance of existing classification algorithms. Finally, our method achieves results competitive with the LSTM model while requiring less time and complexity. Our research supports real-time production use of DGA detection and provides insight into protecting DNS servers and information security.