The continuous arms race between malware authors and security researchers has pushed modern malware to evolve into highly sophisticated software, capable of infecting millions of devices. An orchestrating entity, the botmaster, manages infected devices (bots) which in many cases can scale to the order of millions, creating a botnet (Singh et al., 2019). While device infection is the key that paves the way in, the main objectives are generally persistence and orchestration. The vast amount of sensitive information that can be extracted from compromised devices, coupled with the harnessing of their resources and processing power, provides a wide range of monetisation methods fuelling a flourishing worldwide underground economy. A crucial technical challenge for cybercriminals is to keep control over the potentially millions of infected devices that build up their botnets, without compromising the robustness of their attacks. A single, fixed C&C server, for example, can be trivially detected either by binary or traffic analysis and immediately sink-holed or taken down by security researchers or law enforcement. Botnets often use Domain Generation Algorithms (DGAs), primarily to evade take-down attempts. DGAs can enlarge the lifespan of a malware campaign, thus potentially enhancing its profitability. They can also contribute to hindering attack accountability.
In this work, we introduce HYDRAS, the most comprehensive and representative dataset of Algorithmically-Generated Domains (AGD) available to date. The dataset contains more than 100 DGA families, including both real-world and adversarially designed ones. We analyse the dataset and discuss the possibility of differentiating between benign requests (to real domains) and malicious ones (to AGDs) in real-time. The simultaneous study of so many families and variants introduces several challenges; nonetheless, it alleviates biases found in previous literature employing small datasets, which are frequently overfitted, exploiting characteristic features of particular families that do not generalise well. We thoroughly compare our approach with the current state-of-the-art and highlight some methodological shortcomings in the actual state of practice. The outcomes obtained show that our proposed approach significantly outperforms the current state-of-the-art in terms of both classification performance and efficiency.
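As an added illustration of the real-time benign-versus-AGD distinction the abstract discusses (this is example code written for this page, not the HYDRAS authors' classifier or any code from the paper), the block below extracts a handful of per-domain lexical features and applies hand-picked indicator thresholds to each DNS name. The sample domains and the thresholds are assumptions constructed here; the made-up AGD-looking names are not drawn from any real DGA family. The pronounceable but long name is included on purpose: it shows the kind of false positive that family-specific hand-tuned rules produce, which is exactly the overfitting concern the abstract raises about small-dataset approaches.

```python
import math
from dataclasses import dataclass

VOWELS = set("aeiou")

# Constructed sample queries (not taken from HYDRAS or any real DGA family):
# a few well-known benign registrable domains and two made-up AGD-looking names.
SAMPLE_DOMAINS = [
    "google.com",
    "wikipedia.org",
    "thequickbrownfox.example",   # long but pronounceable: a false-positive risk
    "xk3j9qz7wvplm.net",          # constructed, AGD-like, mixes digits and consonants
    "qzvxkwrtmnplg.com",          # constructed, AGD-like, letters only
]


def registrable_label(domain: str) -> str:
    """Return the label left of the suffix, approximated as the second-to-last
    label (good enough for .com/.net/.org style names; no public-suffix list)."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(text: str) -> float:
    """Bits per character of the label's character distribution."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def max_consonant_run(text: str) -> int:
    """Longest run of consonant letters; digits and vowels break the run."""
    best = run = 0
    for ch in text:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


@dataclass
class DomainFeatures:
    label: str
    length: int
    entropy: float
    vowel_ratio: float
    digit_ratio: float
    consonant_run: int


def extract_features(domain: str) -> DomainFeatures:
    label = registrable_label(domain)
    n = max(len(label), 1)
    return DomainFeatures(
        label=label,
        length=len(label),
        entropy=shannon_entropy(label),
        vowel_ratio=sum(ch in VOWELS for ch in label) / n,
        digit_ratio=sum(ch.isdigit() for ch in label) / n,
        consonant_run=max_consonant_run(label),
    )


def agd_score(domain: str) -> int:
    """Count how many indicators fire (0..5). The thresholds are illustrative
    assumptions chosen for this example, not values learned from HYDRAS."""
    f = extract_features(domain)
    indicators = [
        f.length >= 12,
        f.entropy >= 3.5,
        f.vowel_ratio < 0.2,
        f.digit_ratio > 0.1,
        f.consonant_run >= 5,
    ]
    return sum(indicators)


def classify(domain: str, threshold: int = 3) -> str:
    """Label a single query; cheap enough to run inline on a DNS log stream."""
    return "agd" if agd_score(domain) >= threshold else "benign"


if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        f = extract_features(d)
        print(f"{d:26} len={f.length:2} H={f.entropy:.2f} vow={f.vowel_ratio:.2f} "
              f"dig={f.digit_ratio:.2f} run={f.consonant_run} "
              f"score={agd_score(d)} -> {classify(d)}")
```

Running the block scores the two constructed names as AGD and the three real-looking names as benign, with `thequickbrownfox.example` tripping the length and entropy indicators but staying under the threshold. Any per-family tuning of these thresholds is precisely what a broad, many-family dataset is meant to expose: indicators that separate one family cleanly tend to fail on another.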