Toward Optimal LSTM Neural Networks for Detecting Algorithmically Generated Domain Names
Abstract: Malware detection is a problem that has become particularly challenging over the last decade. A common strategy for detecting malware is to scan network traffic for malicious connections between infected devices and their command and control (CC) servers. However, malware developers are aware of this detection method and begin to incorporate new strategies to go unnoticed. In particular, they generate domain names instead of using static Internet Protocol addresses or regular domain names pointing to their CC servers. By using a domain generation algorithm, the effectiveness of the blacklisting of domains is reduced, as the large number of domain names that must be blocked greatly increases the size of the blacklist. In this paper, we study different Long Short-Term Memory neural network hyperparameters to find the best network configuration for algorithmically generated domain name detection. In particular, we focus on determining whether the (complex) feature engineering efforts required when using other deep learning techniques, such as Random Forest, can be avoided. In this regard, we have conducted a comparative analysis to study the effect of using different network sizes and configurations on network performance metrics. Our results show an accuracy of 97.62% and an area under the receiver operating characteristic curve of 0.9956 in the test dataset, indicating that it is possible to obtain good classification results despite avoiding the feature engineering process and additional readjustments required in other machine learning techniques.
Language: English
DOI: 10.1109/ACCESS.2021.3111307
Year: 2021
Published in: IEEE Access 9 (2021), 126446-126456
ISSN: 2169-3536

JCR impact factor: 3.476 (2021)
JCR category: COMPUTER SCIENCE, INFORMATION SYSTEMS rank: 79 / 163 = 0.485 (2021) - Q2 - T2
JCR category: TELECOMMUNICATIONS rank: 43 / 92 = 0.467 (2021) - Q2 - T2
JCR category: ENGINEERING, ELECTRICAL & ELECTRONIC rank: 105 / 274 = 0.383 (2021) - Q2 - T2

CITESCORE impact factor: 6.7 - Engineering (Q1) - Computer Science (Q1) - Materials Science (Q1)

SCIMAGO impact factor: 0.927 - Engineering (miscellaneous) (Q1) - Computer Science (miscellaneous) (Q1)

Funding: info:eu-repo/grantAgreement/ES/DGA/T21-20R-DISCO
Funding: info:eu-repo/grantAgreement/ES/MICIU/Medrese-RTI2018-098543-B-I00
Funding: info:eu-repo/grantAgreement/ES/UZ/JIUZ-2020-TIC-08
Type and form: Article (Final version)
Area (Department): Área Lenguajes y Sistemas Inf. (Dpto. Informát.Ingenie.Sistms.)

Creative Commons: You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. You may not use the material for commercial purposes. If you remix, transform, or build upon the material, you may not distribute the modified material.


Exported from SIDERAL (2025-03-07-09:32:53)



This article is in the following collections:
Articles > Articles by area > Lenguajes y Sistemas Informáticos



Record created on 2025-03-07, last modified on 2025-03-07

