AI-based detection of DNS misuse for network security

Irina Chiscop, Francesca Soro, Paul Smith

Publikation: Beitrag in Buch oder TagungsbandVortrag mit Beitrag in TagungsbandBegutachtung


Threat hunting and malware prediction are critical activities to ensure network and system security. These tasks are difficult due to increasing numbers of sophisticated malware families. Automatically detecting anomalous Domain Name System (DNS) queries in operational traffic facilitates the detection of new malware infections, significantly contributing to the work of security practitioners. In this paper, we present two AI-based Domain Generation Algorithm (DGA) detection and classification techniques - a feature-based one, leveraging classic Machine Learning algorithms and a featureless one, based on Deep Learning - specifically intended to aid in this task. Both techniques are designed to be integrated in operational environments, dealing with hundreds of thousands to millions of new malware samples per day. We report the implementation details, the classification performance, the advantages and shortcomings for both techniques, as well as experiences from the deployment of this system in an industrial environment. We show that both techniques reach more than the 90% of accuracy in the case of binary DGA detection, with a slight degradation in performance in the multi-class classification case, in which the results strongly depend on the malware type.
TitelProceedings of the 1st International Workshop on Native Network Intelligence
PublikationsstatusVeröffentlicht - 6 Dez. 2022
Veranstaltung1st International Workshop on Native Network Intelligence -
Dauer: 9 Dez. 2022 → …


Konferenz1st International Workshop on Native Network Intelligence
Zeitraum9/12/22 → …

Research Field

  • Cyber Security


Untersuchen Sie die Forschungsthemen von „AI-based detection of DNS misuse for network security“. Zusammen bilden sie einen einzigartigen Fingerprint.

Diese Publikation zitieren