Intercepting Hail Hydra: Real-Time Detection of Algorithmically Generated Domains
A crucial technical challenge for cybercriminals is to keep control over the
potentially millions of infected devices that make up their botnets, without
compromising the robustness of their attacks. A single, fixed C&C server, for
example, can be trivially detected either by binary or traffic analysis and
immediately sinkholed or taken down by security researchers or law
enforcement. Botnets often use Domain Generation Algorithms (DGAs), primarily
to evade take-down mechanisms. DGAs extend the lifespan of a malware campaign,
thus enhancing its profitability. They can also contribute to hardening attack
attribution. In this work, we introduce HYDRA, the most comprehensive and
complete available dataset of Algorithmically-Generated Domains (AGDs). The
dataset contains more than 100 DGA families, including both real-world and
adversarial ones. We analyse the dataset and discuss the possibility of
differentiating between benign requests (to real domains) and malicious ones
(to AGDs) in real time. The simultaneous study of so many families and variants
introduces several challenges; nonetheless, it alleviates biases found in
previous literature that deals with small datasets and exploits some
characteristic features of particular families. To this end, we thoroughly
compare our approach with the current state of the art and highlight some
methodological shortcomings in the current state of practice. The outcomes
obtained show that our method significantly outperforms the current
state of the art in terms of both accuracy and efficiency.

Comment: The dataset of this paper can be found at
https://zenodo.org/record/396539
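The abstract describes the real-time task of separating queries for real domains from queries for AGDs without relying on the quirks of one DGA family. The following added example, which is not code from the paper or from the HYDRA project, shows the kind of family-agnostic lexical features (length, Shannon entropy, digit ratio, vowel ratio, longest consonant run) such a detector can compute per query; the sample domains, the tiny public-suffix table and the hand-set thresholds in `is_suspicious` are constructed assumptions for illustration, not values learned from HYDRA.

```python
import math
from collections import Counter

# Constructed sample of (domain, is_agd) pairs, for illustration only;
# these are NOT drawn from the HYDRA dataset.
SAMPLE_QUERIES = [
    ("google.com", False),
    ("wikipedia.org", False),
    ("example-bank.co.uk", False),
    ("microsoft.com", False),
    ("xkq7zvpa9lmtwq.net", True),
    ("ajsdhfkasjdhfaksjdhf.com", True),
    ("q1w2e3r4t5y6.info", True),
]

# Tiny stand-in for the Public Suffix List (assumption); a real deployment
# would load the full list so that multi-label suffixes such as "co.uk"
# are stripped correctly.
PUBLIC_SUFFIXES = ("co.uk", "com", "net", "org", "info")

VOWELS = set("aeiou")


def registered_label(domain: str) -> str:
    """Return the label just left of the public suffix ('google' for 'www.google.com')."""
    d = domain.lower().rstrip(".")
    for suffix in sorted(PUBLIC_SUFFIXES, key=len, reverse=True):
        if d.endswith("." + suffix):
            d = d[: -len(suffix) - 1]
            break
    return d.split(".")[-1]


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character of the string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def extract_features(domain: str) -> dict:
    """Family-agnostic lexical features of the registered label."""
    label = registered_label(domain)
    letters = [ch for ch in label if ch.isalpha()]
    digits = sum(ch.isdigit() for ch in label)
    # Longest run of consecutive consonants; digits and hyphens break the run.
    longest = run = 0
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return {
        "label": label,
        "length": len(label),
        "entropy": shannon_entropy(label),
        "digit_ratio": digits / len(label) if label else 0.0,
        "vowel_ratio": sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0,
        "longest_consonant_run": longest,
    }


def is_suspicious(domain: str) -> bool:
    """Flag a query using hand-set thresholds (assumptions, not learned from data)."""
    f = extract_features(domain)
    return (
        (f["length"] >= 10 and f["entropy"] > 3.5)
        or f["digit_ratio"] > 0.3
        or f["longest_consonant_run"] >= 5
        or (f["length"] >= 8 and f["vowel_ratio"] < 0.2)
    )


def evaluate(samples) -> dict:
    """Confusion counts and accuracy of is_suspicious over labelled (domain, is_agd) pairs."""
    tp = fp = fn = tn = 0
    for domain, is_agd in samples:
        flagged = is_suspicious(domain)
        if flagged and is_agd:
            tp += 1
        elif flagged and not is_agd:
            fp += 1
        elif not flagged and is_agd:
            fn += 1
        else:
            tn += 1
    total = tp + fp + fn + tn
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "accuracy": (tp + tn) / total if total else 0.0}


if __name__ == "__main__":
    for domain, is_agd in SAMPLE_QUERIES:
        f = extract_features(domain)
        print(f"{domain:28} entropy={f['entropy']:.2f} "
              f"flagged={is_suspicious(domain)} truth={is_agd}")
    print(evaluate(SAMPLE_QUERIES))
```

The thresholds separate this constructed sample cleanly, but that is exactly the small-dataset bias the abstract warns about: a rule such as "digit ratio above 0.3" fits one family's alphabet and says nothing about a dictionary-based DGA. A detector trained on a dataset with many families would instead learn a decision boundary over these (and richer) features, and the features are still cheap enough to compute per DNS query in real time.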