A curated list of machine learning resources for Domain Generation Algorithm (DGA) detection, inspired by Awesome Machine Learning for Anomaly Detection.

Paper Title | Link | Author | Publish source |
---|---|---|---|
A Comprehensive Measurement Study of Domain Generating Malware | Link | Plohmann et al. | USENIX Security 2016 |
From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware | Link | Antonakakis et al. | USENIX Security 2012 |
Inline DGA Detection with Deep Networks | Link | Yu et al. | 2017 IEEE International Conference on Data Mining Workshops (ICDMW), 2017, pp. 683–692 |
Predicting Domain Generation Algorithms with Long Short-Term Memory Networks | Link | Woodbridge et al. | arXiv preprint arXiv:1611.00791 (2016) |
FANCI: Feature-based Automated NXDomain Classification and Intelligence | Link | Schüppen et al. | USENIX Security 2018 |
Inline Detection of Domain Generation Algorithms with Context-Sensitive Word Embeddings | Link | Koh et al. | Proceedings of 2018 IEEE International Conference on Big Data, 2018, pp. 2965–2970 |
A LSTM based framework for handling multiclass imbalance in DGA botnet detection | Link | Tran et al. | Neurocomputing, vol. 275, pp. 2401–2413, 2018 |
Detecting DGA Domains with Recurrent Neural Networks and Side Information | Link | Curtin et al. | Proceedings of the 14th International Conference on Availability, Reliability and Security. ACM, 2019 |
Algorithmically Generated Domain Detection and Malware Family classification | Link | Choudhary et al. | International Symposium on Security in Computing and Communication. Springer, 2018, pp. 640–655 |
An Evaluation of DGA Classifiers | Link | Sivaguru et al. | 2018 IEEE International Conference on Big Data, 2018, pp. 5058–5067 |
Character Level Based Detection of DGA Domain Names | Link | Yu et al. | Proc. WCCI, 2018, pp. 4168–4175 |
Dictionary Extraction and Detection of Algorithmically Generated Domain Names in Passive DNS Traffic | Link | Pereira et al. | International Symposium on Research in Attacks, Intrusions, and Defenses. Springer, 2018, pp. 295–314 |
Weakly Supervised Deep Learning for the Detection of Domain Generation Algorithms | Link | Yu et al. | IEEE Access, vol. 7, pp. 51542–51556, 2019 |
Phoenix: DGA-based Botnet Tracking and Intelligence | Link | Schiavoni et al. | International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 2014, pp. 192–211 |
DeepDGA: Adversarially-Tuned Domain Generation and Detection | Link | Anderson et al. | Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security, 2016, pp. 13–21 |
Exposure: A Passive DNS Analysis Service to Detect and Report Malicious Domains | Link | Bilge et al. | ACM Transactions on Information and System Security (TISSEC), vol. 16, no. 4, 2014 |
Detection of Algorithmically Generated Domain Names used by Botnets: A Dual Arms Race | Link | Spooren et al. | Proceedings of the 34th ACM/SIGAPP Symposium On Applied Computing. Association for Computing Machinery, 2019, pp. 1902–1910 |
Detecting Algorithmically Generated Domain-Flux Attacks with DNS Traffic Analysis | Link | Yadav et al. | IEEE/ACM Transactions on Networking, vol. 20, no. 5, pp. 1663–1677, 2012 |
Detecting Malware Domains at the Upper DNS Hierarchy | Link | Antonakakis et al. | USENIX Security Symposium, vol. 11, 2011, pp. 1–16 |
Discovering Malicious Domains through Passive DNS Data Graph Analysis | Link | Khalil et al. | Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016, pp. 663–674 |
Automatic detection of malware-generated domains with recurrent neural models | Link | Lison et al. | arXiv preprint arXiv:1709.07102, 2017 |
Popularity-based Detection of Domain Generation Algorithms | Link | Abbink et al. | Proceedings of the 12th International Conference on Availability, Reliability and Security, no. 79. ACM, 2017 |
Stealthy Domain Generation Algorithms | Link | Y Fu et al. | IEEE Transactions on Information Forensics & Security, 12, 6 (February 13, 2017), 1430–1443 |
MaskDGA: A Black-box Evasion Technique Against DGA Classifiers and Adversarial Defenses | Link | Sidi et al. | arXiv preprint arXiv:1902.08909, 2019 |
Scalable Detection of Botnets based on DGA | Link | Zago et al. | J. Internet Serv. Inf. Security (JISIS) 3 (3/4), 116–123 2019. |
Detection of Algorithmically Generated Malicious Domain Names using Masked N-Grams | Link | Selvi et al. | Expert Syst. Appl. 124, 156–163 2019. |
DBod: Clustering and detecting DGA-based botnets using DNS traffic analysis | Link | Wang et al. | Computers and Security 64, 1–15, 2017 |
Breaking Bad: Detecting malicious domains using word segmentation | Link | Wang et al. | arXiv preprint arXiv:1506.04111 (2015) |
A Survey on Malicious Domains Detection through DNS Data Analysis | Link | Zhauniarovich et al. | ACM Computing Surveys (CSUR) 51.4 (2018): 1-36 |
One-Class Adversarial Nets for Fraud Detection | Link | Zheng et al. | Proceedings of the AAAI Conference on Artificial Intelligence. Vol. 33. 2019 |
Inline Detection of Domain Generation Algorithms with Context-Sensitive Word Embeddings | Link | Koh et al. | IEEE International Conference on Big Data (Big Data). IEEE, 2018 |
Finding Domain-Generation Algorithms by Looking at Length Distributions | Link | Mowbray et al. | IEEE International Symposium on Software Reliability Engineering Workshops, pp. 395–400. IEEE (2014) |