{"id":"https://openalex.org/W2900892325","doi":"https://doi.org/10.1109/bigdata.2018.8622066","title":"Inline Detection of Domain Generation Algorithms with Context-Sensitive Word Embeddings","display_name":"Inline Detection of Domain Generation Algorithms with Context-Sensitive Word Embeddings","publication_year":2018,"publication_date":"2018-12-01","ids":{"openalex":"https://openalex.org/W2900892325","doi":"https://doi.org/10.1109/bigdata.2018.8622066","mag":"2900892325"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata.2018.8622066","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata.2018.8622066","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1811.08705","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5054640079","display_name":"Joewie J. Koh","orcid":"https://orcid.org/0000-0002-4259-3014"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Joewie J. Koh","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, Georgia"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, Georgia","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5044348273","display_name":"Barton Rhodes","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Barton Rhodes","raw_affiliation_strings":["Optfit LLC, Denver, Colorado"],"affiliations":[{"raw_affiliation_string":"Optfit LLC, Denver, Colorado","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5054640079"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":3.4846,"has_fulltext":false,"cited_by_count":39,"citation_normalized_percentile":{"value":0.93858905,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"2966","last_page":"2971"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9864000082015991,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9854000210762024,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7817763090133667},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.6744375228881836},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6350694894790649},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.5219773054122925},{"id":"https://openalex.org/keywords/word","display_name":"Word (group theory)","score":0.5160970091819763},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5016345977783203},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.45576485991477966},{"id":"https://openalex.org/keywords/training-set","display_name":"Training set","score":0.43384960293769836},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4323990046977997},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.4133094847202301},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.40243250131607056},{"id":"https://openalex.org/keywords/speech-recognition","display_name":"Speech recognition","score":0.3695043921470642},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.08845588564872742}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7817763090133667},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.6744375228881836},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6350694894790649},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.5219773054122925},{"id":"https://openalex.org/C90805587","wikidata":"https://www.wikidata.org/wiki/Q10944557","display_name":"Word (group theory)","level":2,"score":0.5160970091819763},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5016345977783203},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.45576485991477966},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.43384960293769836},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4323990046977997},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.4133094847202301},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.40243250131607056},{"id":"https://openalex.org/C28490314","wikidata":"https://www.wikidata.org/wiki/Q189436","display_name":"Speech recognition","level":1,"score":0.3695043921470642},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.08845588564872742},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/bigdata.2018.8622066","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata.2018.8622066","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1811.08705","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1811.08705","pdf_url":"https://arxiv.org/pdf/1811.08705","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1811.08705","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1811.08705","pdf_url":"https://arxiv.org/pdf/1811.08705","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/4","score":0.47999998927116394,"display_name":"Quality Education"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W1561983441","https://openalex.org/W2078622638","https://openalex.org/W2158698691","https://openalex.org/W2464432954","https://openalex.org/W2546910111","https://openalex.org/W2611669587","https://openalex.org/W2759618680","https://openalex.org/W2768793959","https://openalex.org/W2773270814","https://openalex.org/W2773671123","https://openalex.org/W2786906486","https://openalex.org/W2804240301","https://openalex.org/W2830511950","https://openalex.org/W2890022913","https://openalex.org/W2890928763","https://openalex.org/W2894791732","https://openalex.org/W2912761498","https://openalex.org/W2962739339","https://openalex.org/W2963026768","https://openalex.org/W2963756346","https://openalex.org/W3044847442","https://openalex.org/W4302343710","https://openalex.org/W6632248436","https://openalex.org/W6633578641","https://openalex.org/W6719105664","https://openalex.org/W6729497825","https://openalex.org/W6742080785","https://openalex.org/W6744821220","https://openalex.org/W6755170156","https://openalex.org/W6758764520","https://openalex.org/W6780921017"],"related_works":["https://openalex.org/W2981877337","https://openalex.org/W3203938600","https://openalex.org/W2169074127","https://openalex.org/W83146503","https://openalex.org/W2163707935","https://openalex.org/W202723009","https://openalex.org/W2145955964","https://openalex.org/W2188612292","https://openalex.org/W2165396616","https://openalex.org/W2058882606"],"abstract_inverted_index":{"Domain":[0],"generation":[1],"algorithms":[2],"(DGAs)":[3],"are":[4],"frequently":[5],"employed":[6],"by":[7,55],"malware":[8],"to":[9,15,40,75,171,174,257],"generate":[10,53],"domains":[11,54,79],"used":[12],"for":[13,126],"connecting":[14],"command-and-control":[16],"(C2)":[17],"servers.":[18],"Recent":[19],"work":[20],"in":[21,122],"DGA":[22,50,144,149,159,210,250,265],"detection":[23,193,215],"leveraged":[24],"deep":[25],"learning":[26,248],"architectures":[27],"like":[28],"convolutional":[29],"neural":[30],"networks":[31,38],"(CNNs)":[32],"and":[33,94,152,212],"character-level":[34],"long":[35],"short-term":[36],"memory":[37],"(LSTMs)":[39],"classify":[41],"domains.":[42],"However,":[43],"these":[44,228],"classifiers":[45],"perform":[46,76],"poorly":[47],"with":[48,70,129,146,156,195,217],"wordlist-based":[49,143,264],"families,":[51],"which":[52],"pseudorandomly":[56],"concatenating":[57],"dictionary":[58],"words.":[59],"We":[60,133],"propose":[61],"a":[62,71,90,191,196,213,218],"novel":[63],"approach":[64],"that":[65,135,225,239],"combines":[66],"context-sensitive":[67],"word":[68,85],"embeddings":[69,86],"simple":[72],"fully-connected":[73],"classifier":[74,189,247,254],"classification":[77],"of":[78,107,118,167,208,227,232,262],"based":[80],"on":[81,89,100,142,184,204,245],"word-level":[82],"information.":[83],"The":[84,103],"were":[87],"pre-trained":[88],"large":[91],"unrelated":[92],"corpus":[93],"left":[95],"frozen":[96],"during":[97],"the":[98,116,123,181,185,188,209,246,249,253,259,263],"training":[99,113,131,150,160,203],"domain":[101],"data.":[102],"resulting":[104],"small":[105,130],"number":[106],"trainable":[108],"parameters":[109],"enabled":[110],"extremely":[111],"short":[112],"durations,":[114],"while":[115,163],"transfer":[117],"language":[119],"knowledge":[120],"stored":[121],"representations":[124],"allowed":[125],"high-performing":[127],"models":[128],"datasets.":[132],"show":[134],"this":[136,240],"architecture":[137],"reliably":[138],"outperformed":[139],"existing":[140],"techniques":[141],"families":[145],"just":[147],"30":[148,206],"examples":[151,207],"achieved":[153],"state-of-the-art":[154],"performance":[155,183],"around":[157],"100":[158],"examples,":[161],"all":[162],"requiring":[164],"an":[165],"order":[166],"magnitude":[168],"less":[169],"time":[170],"train":[172],"compared":[173],"current":[175],"techniques.":[176],"Of":[177],"special":[178],"note":[179],"is":[180,255],"technique's":[182],"matsnu":[186],"DGA:":[187],"attained":[190],"89.5%":[192],"rate":[194,200,216],"1:1,000":[197],"false":[198],"positive":[199],"(FPR)":[201],"after":[202,221],"only":[205],"domains,":[211],"91.2%":[214],"1:10,000":[219],"FPR":[220],"90":[222],"examples.":[223],"Considering":[224],"some":[226],"DGAs":[229],"have":[230],"wordlists":[231],"several":[233],"hundred":[234],"words,":[235],"our":[236],"results":[237],"demonstrate":[238],"technique":[241],"does":[242],"not":[243],"rely":[244],"wordlists.":[251],"Instead,":[252],"able":[256],"learn":[258],"semantic":[260],"signatures":[261],"families.":[266]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":9},{"year":2019,"cited_by_count":7}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}