An Experimental Analysis of Classification Techniques for Domain Generating Algorithms (DGA) based Malicious Domains Detection

In modern days, there has been a significant surge of Domain Generating Algorithms (DGAs) based various types of cyber attacks executed by adversaries to facilitate covert server communication with the help of botnets. Such algorithms provide attackers a plethora of malicious domain names from which a subset of domain names are selected, and hence, common choices of defensive techniques, such as, blacklisting, reverse engineering, sinkholing, and preemptive registration of domains, become highly ineffective. In order to combat this dreadful situation, academia and industry based security researchers and network defenders in cyber realm have been utilizing machine learning based techniques to discover unseen malicious domain names. In our study, we present a unique experimental analysis of 13 state-of-the-art classification techniques to analyze the effectiveness of such classifiers on a large, diverse category of DGA produced malicious domain names' dataset having 80 different DGA families. We incorporate three text feature extraction methods, such as, unigram, bigram, and trigram, to explore the experimental findings to cover different aspects as well as report the performance results of each compiled machine learning model in terms of accuracy, precision score, recall score, and F-1 score. We illustrate all the built models' performances in a tabular view for the readers to best compare one model with another in a variety of experimental settings we design.