000161966 001__ 161966
000161966 005__ 20251017144554.0
000161966 0247_ $$2doi$$a10.1016/j.eswa.2025.128629
000161966 0248_ $$2sideral$$a144593
000161966 037__ $$aART-2025-144593
000161966 041__ $$aeng
000161966 100__ $$aPelayo-Benedet, Tomás$$uUniversidad de Zaragoza
000161966 245__ $$aRAMPAGE: a software framework to ensure reproducibility in algorithmically generated domains detection
000161966 260__ $$c2025
000161966 5060_ $$aAccess copy available to the general public$$fUnrestricted
000161966 5203_ $$aAs part of its life cycle, malware can establish communication with its command and control server. To bypass static protection techniques, such as blocking certain IPs in firewalls or DNS server deny lists, malware can use algorithmically generated domains (AGD). Many different solutions based on deep learning have been proposed during the last years to detect this type of domains. However, there is a lack of ability to compare the proposed models because there is no common framework that allows experiments to be replicated under the same conditions. Each previous work shows its evaluation results, but under different experimentation conditions and even with different datasets. In this paper, we address this gap by proposing a software framework, dubbed Rampage (fRAMework to comPAre aGd dEtectors), focused on training and comparing machine learning models for AGD detection. Furthermore, we propose a new model that uses logistic regression and, using Rampage to obtain a fair comparison with different state-of-the-art models, achieves slightly better results than those obtained so far. In addition, the dataset built from real-world samples for evaluation, as well as the source code of Rampage, are also publicly released to facilitate its use and promote experimental reproducibility in this research field.
000161966 536__ $$9info:eu-repo/grantAgreement/ES/DGA/T21-23R$$9info:eu-repo/grantAgreement/ES/MCIU/PID2023-151467OA-I00$$9info:eu-repo/grantAgreement/EUR/MICINN/TED2021-131115A-I00
000161966 540__ $$9info:eu-repo/semantics/openAccess$$aby-nc-nd$$uhttps://creativecommons.org/licenses/by-nc-nd/4.0/deed.es
000161966 655_4 $$ainfo:eu-repo/semantics/article$$vinfo:eu-repo/semantics/publishedVersion
000161966 700__ $$0(orcid)0000-0001-7982-0359$$aRodríguez, Ricardo J.$$uUniversidad de Zaragoza
000161966 700__ $$aGañán, Carlos H.
000161966 7102_ $$15007$$2570$$aUniversidad de Zaragoza$$bDpto. Informát.Ingenie.Sistms.$$cÁrea Lenguajes y Sistemas Inf.
000161966 773__ $$g293 (2025), 128629$$pExpert syst. appl.$$tExpert Systems with Applications$$x0957-4174
000161966 8564_ $$s3102593$$uhttps://zaguan.unizar.es/record/161966/files/texto_completo.pdf$$yVersión publicada
000161966 8564_ $$s2666524$$uhttps://zaguan.unizar.es/record/161966/files/texto_completo.jpg?subformat=icon$$xicon$$yVersión publicada
000161966 909CO $$ooai:zaguan.unizar.es:161966$$particulos$$pdriver
000161966 951__ $$a2025-10-17-14:12:41
000161966 980__ $$aARTICLE