Posts

Showing posts with the label crypttechresearch

The identification and detection of Domain Generation Algorithms

Malware wants to keep communication points open with its Command and Control (C2) servers to receive instructions on what to do with the infected host. However, when the domain information of this server is detected and blocked by IT security, will the problem be solved? Bad news, no! Because the malware dynamically produces the domain name in order to maintain contact with the C2 servers, if one domain is blocked, it may quickly move to a newly generated domain name. In this post we will take a closer look at our major player, DGAs, whose detection is critical for DNS security. The flow will be like this:

What is DGA?
- DGA and NonDGA
DGA Families and Examples
DGA Detection
- Datasets
- Articles
Our work as CRYPTTECH

What is DGA?

DGAs are a large family of algorithms that help malware periodically generate large numbers of domain names that can be used as points of contact with Command and Contro...