DGA-based malware detection using DNS traffic analysis
- Authors
- Lee, Jong Youn; Chang, Jun Young; Im, Eul Gyu
- Issue Date
- Sep-2019
- Publisher
- Association for Computing Machinery, Inc
- Keywords
- DGA; DNS; Domain generation algorithm; Domain name system; Malware analysis; Network security; Network traffic analysis; Software security
- Citation
- Proceedings of the 2019 Research in Adaptive and Convergent Systems, RACS 2019, pp.283 - 288
- Indexed
- SCOPUS
- Journal Title
- Proceedings of the 2019 Research in Adaptive and Convergent Systems, RACS 2019
- Start Page
- 283
- End Page
- 288
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/147249
- DOI
- 10.1145/3338840.3355672
- Abstract
- A large number of malicious programs communicate with C&C (Command and Control) servers to download resources for malicious actions or to receive commands for the intended attacks. Malware needs to know the C&C servers' IP addresses in order to communicate with them, and these addresses are usually obtained through DNS (Domain Name System) queries that send domain names to DNS servers, rather than from hard-coded IP addresses, so as to avoid analysis and detection. In this process, malware usually uses a DGA (Domain Generation Algorithm) to hide the domain names of the C&C servers and to make it difficult to block the C&C servers or their domain names. Although DGA techniques have been studied extensively, most previous studies have been based on analysis of the domain names generated by the DGA, focusing on the characteristics of the strings. However, such analysis methods have difficulty detecting some domain names generated by DGAs that use creative criteria. In this paper, we conducted research to detect malicious code that uses a DGA based on the values of the flags included in the DNS communication process, departing from existing research that focuses on domain names only. © 2019 Copyright held by the owner/author(s).
- Appears in Collections
- Seoul College of Engineering > Seoul Department of Computer Software > 1. Journal Articles