Abstract: As part of its life cycle, malware can establish communication with its command and control server. To bypass static protection techniques, such as blocking certain IPs in firewalls or DNS server deny lists, malware can use algorithmically generated domains (AGD). Many different solutions based on deep learning have been proposed in recent years to detect this type of domain. However, the proposed models cannot be readily compared because there is no common framework that allows experiments to be replicated under the same conditions. Each previous work shows its evaluation results, but under different experimentation conditions and even with different datasets. In this paper, we address this gap by proposing a software framework, dubbed Rampage (fRAMework to comPAre aGd dEtectors), focused on training and comparing machine learning models for AGD detection. Furthermore, we propose a new model that uses logistic regression and, using Rampage to obtain a fair comparison with different state-of-the-art models, achieves slightly better results than those obtained so far. In addition, the dataset built from real-world samples for evaluation, as well as the source code of Rampage, are also publicly released to facilitate its use and promote experimental reproducibility in this research field.

Language: English
DOI: 10.1016/j.eswa.2025.128629
Year: 2025
Published in: Expert Systems with Applications 293 (2025), 128629
ISSN: 0957-4174
Funding: info:eu-repo/grantAgreement/ES/DGA/T21-23R
Funding: info:eu-repo/grantAgreement/ES/MCIU/PID2023-151467OA-I00
Funding: info:eu-repo/grantAgreement/EUR/MICINN/TED2021-131115A-I00
Type and form: Article (Published version)
Area (Department): Área Lenguajes y Sistemas Inf. (Dpto. Informát.Ingenie.Sistms.)
Exported from SIDERAL (2025-10-17-14:12:41)