Towards Robust Domain Generation Algorithm Classification

2 code implementations • 9 Apr 2024 • Arthur Drichel, Marc Meyer, Ulrike Meyer

In this work, we conduct a comprehensive study on the robustness of domain generation algorithm (DGA) classifiers.

Classification

False Sense of Security: Leveraging XAI to Analyze the Reasoning and True Performance of Context-less DGA Classifiers

1 code implementation • 10 Jul 2023 • Arthur Drichel, Ulrike Meyer

The problem of revealing botnet activity through Domain Generation Algorithm (DGA) detection seems to be solved, considering that available deep learning classifiers achieve accuracies of over 99. 9%.

Decision Making Explainable artificial intelligence +1

Detecting Unknown DGAs without Context Information

no code implementations • 30 May 2022 • Arthur Drichel, Justus von Brandt, Ulrike Meyer

While binary classifiers can label domains of yet unknown DGAs as malicious, multiclass classifiers can only assign domains to DGAs that are known at the time of training, limiting the ability to uncover new malware families.

Attribute Binary Classification +4

Sharing FANCI Features: A Privacy Analysis of Feature Extraction for DGA Detection

no code implementations • 12 Oct 2021 • Benedikt Holmes, Arthur Drichel, Ulrike Meyer

The goal of Domain Generation Algorithm (DGA) detection is to recognize infections with bot malware and is often done with help of Machine Learning approaches that classify non-resolving Domain Name System (DNS) traffic and are trained on possibly sensitive data.

BIG-bench Machine Learning Privacy Preserving

The More, the Better? A Study on Collaborative Machine Learning for DGA Detection

no code implementations • 24 Sep 2021 • Arthur Drichel, Benedikt Holmes, Justus von Brandt, Ulrike Meyer

In this paper, we complement the research area of DGA detection by conducting a comprehensive collaborative learning study, including a total of 13, 440 evaluation runs.

Finding Phish in a Haystack: A Pipeline for Phishing Classification on Certificate Transparency Logs

1 code implementation • 23 Jun 2021 • Arthur Drichel, Vincent Drury, Justus von Brandt, Ulrike Meyer

In this paper, we present a pipeline that facilitates such evaluations by addressing a number of problems when working with CT log data.

First Step Towards EXPLAINable DGA Multiclass Classification

1 code implementation • 23 Jun 2021 • Arthur Drichel, Nils Faerber, Ulrike Meyer

Numerous malware families rely on domain generation algorithms (DGAs) to establish a connection to their command and control (C2) server.

Classification

Making Use of NXt to Nothing: The Effect of Class Imbalances on DGA Detection Classifiers

no code implementations • 1 Jul 2020 • Arthur Drichel, Ulrike Meyer, Samuel Schüppen, Dominik Teubert

Numerous machine learning classifiers have been proposed for binary classification of domain names as either benign or malicious, and even for multiclass classification to identify the domain generation algorithm (DGA) that generated a specific domain name.

Binary Classification Classification +1

Analyzing the Real-World Applicability of DGA Classifiers

no code implementations • 19 Jun 2020 • Arthur Drichel, Ulrike Meyer, Samuel Schüppen, Dominik Teubert

In this context, we propose one novel classifier based on residual neural networks for each of the two tasks and extensively evaluate them as well as previously proposed classifiers in a unified setting.