Malware such as botnets typically uses domain generation algorithms (DGAs) to dynamically produce a large number of random, algorithmically generated domains (AGDs), and uses a few of them to communicate with the command and control servers. AGD detection provides a lightweight yet effective solution to the threats posed by DGA-based malware. For example, the linguistic distance between domain names was found to be a promising metric for distinguishing AGDs from benign domains. However, the conventional approach does not use the distance metrics informatively enough. We propose to use machine learning algorithms on the distance metrics. Feature engineering techniques are proposed to boost detection performance. The results show that our proposal can outperform the existing algorithms, with a detection accuracy of over 99% for the tested DGAs. A permutation feature importance analysis is presented for explainability. The deployment locations of the AGD detectors are discussed.
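To make the idea of learning on distance metrics concrete, the following is an added example, not code from the paper or its authors. The abstract does not name its metrics, features or classifier, so the normalized edit distance, the bigram Jaccard distance, the nearest-centroid model, the reference list and all sample domains here are assumptions constructed for illustration.

```python
from math import dist
from statistics import mean

# Constructed sample data (assumptions, not taken from the paper).
REFERENCE = ["google", "facebook", "wikipedia", "amazon", "microsoft", "youtube"]
TRAIN = {
    "benign": ["googlemail.com", "amazonaws.com", "microsoftonline.com", "wikimedia.org"],
    "agd": ["xkqzvbnwpt.com", "qjvhzxkwrp.net", "zvxqkjwhbn.org", "pqxzjvkwhg.info"],
}

def label_of(domain):
    """Simplification: score only the leftmost label, lower-cased."""
    return domain.lower().rstrip(".").split(".")[0]

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def jaccard_distance(a, b):
    """1 - |A & B| / |A | B| over the sets of character bigrams."""
    A = {a[i:i + 2] for i in range(len(a) - 1)}
    B = {b[i:i + 2] for i in range(len(b) - 1)}
    return 1.0 - len(A & B) / len(A | B) if A | B else 0.0

def features(domain):
    """Distance to the closest benign reference name under each metric."""
    s = label_of(domain)
    return (
        min(edit_distance(s, r) / max(len(s), len(r), 1) for r in REFERENCE),
        min(jaccard_distance(s, r) for r in REFERENCE),
    )

def train(samples):
    """Nearest-centroid model: the mean feature vector of each class."""
    return {cls: tuple(map(mean, zip(*map(features, doms)))) for cls, doms in samples.items()}

def classify(model, domain):
    """Assign the class whose centroid is closest in feature space."""
    return min(model, key=lambda cls: dist(model[cls], features(domain)))

MODEL = train(TRAIN)
```

A nearest-centroid rule stands in for the learning step only to keep the example dependency-free; any classifier that accepts the same feature vectors could replace `train` and `classify`.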