Кулаков Александр Сергеевич
Detecting Malware Domain Names Using Machine Learning
Big Data Systems
Today botnets are becoming more sophisticated and use domain generation algorithms (DGAs) to generate domain names for their command and control (C&C) servers. The main reason for this approach is to evade classic security tools such as firewalls and IPS. Detecting such names is an active research topic today, and many researchers have tried to solve it in various ways, but machine learning algorithms offer an opportunity to improve detection and to perform it in real time. This paper presents an attempt to thoroughly investigate the Logistic Regression, SVM, Random Forest and Decision Tree algorithms, evaluate them on the DGA dataset, and create a security system module for detecting malicious domains in real time.