{"id":"https://openalex.org/W2894791732","doi":"https://doi.org/10.1145/3339252.3339258","title":"Detecting DGA domains with recurrent neural networks and side information","display_name":"Detecting DGA domains with recurrent neural networks and side information","publication_year":2019,"publication_date":"2019-08-09","ids":{"openalex":"https://openalex.org/W2894791732","doi":"https://doi.org/10.1145/3339252.3339258","mag":"2894791732"},"language":"en","primary_location":{"id":"doi:10.1145/3339252.3339258","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3339252.3339258","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 14th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1810.02023","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5026833192","display_name":"Ryan R. Curtin","orcid":"https://orcid.org/0000-0002-9903-8214"},"institutions":[{"id":"https://openalex.org/I1308906816","display_name":"NortonLifeLock (United States)","ror":"https://ror.org/0449t3a80","country_code":"US","type":"company","lineage":["https://openalex.org/I1308906816"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ryan R. Curtin","raw_affiliation_strings":["Center for Advanced Machine Learning, Symantec Corporation, Atlanta, Georgia, USA"],"affiliations":[{"raw_affiliation_string":"Center for Advanced Machine Learning, Symantec Corporation, Atlanta, Georgia, USA","institution_ids":["https://openalex.org/I1308906816"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102460126","display_name":"Andrew B. Gardner","orcid":null},"institutions":[{"id":"https://openalex.org/I1308906816","display_name":"NortonLifeLock (United States)","ror":"https://ror.org/0449t3a80","country_code":"US","type":"company","lineage":["https://openalex.org/I1308906816"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Andrew B. Gardner","raw_affiliation_strings":["Center for Advanced Machine Learning, Symantec Corporation, Atlanta, Georgia, USA"],"affiliations":[{"raw_affiliation_string":"Center for Advanced Machine Learning, Symantec Corporation, Atlanta, Georgia, USA","institution_ids":["https://openalex.org/I1308906816"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042012540","display_name":"S\u0142awomir Grzonkowski","orcid":null},"institutions":[{"id":"https://openalex.org/I1321014770","display_name":"Association for Computing Machinery","ror":"https://ror.org/03wsadn68","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1321014770"]},{"id":"https://openalex.org/I4210098805","display_name":"NortonLifeLock (Ireland)","ror":"https://ror.org/0114r0003","country_code":"IE","type":"company","lineage":["https://openalex.org/I1308906816","https://openalex.org/I4210098805"]}],"countries":["IE","US"],"is_corresponding":false,"raw_author_name":"Slawomir Grzonkowski","raw_affiliation_strings":["Targeted Attack Analytics, Symantec Corporation, Dublin, Ireland","Association for Computing Machinery"],"affiliations":[{"raw_affiliation_string":"Targeted Attack Analytics, Symantec Corporation, Dublin, Ireland","institution_ids":["https://openalex.org/I4210098805"]},{"raw_affiliation_string":"Association for Computing Machinery","institution_ids":["https://openalex.org/I1321014770"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089354836","display_name":"Alexey Kleymenov","orcid":null},"institutions":[{"id":"https://openalex.org/I4210098805","display_name":"NortonLifeLock (Ireland)","ror":"https://ror.org/0114r0003","country_code":"IE","type":"company","lineage":["https://openalex.org/I1308906816","https://openalex.org/I4210098805"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Alexey Kleymenov","raw_affiliation_strings":["Targeted Attack Analytics, Symantec Corporation, Dublin, Ireland"],"affiliations":[{"raw_affiliation_string":"Targeted Attack Analytics, Symantec Corporation, Dublin, Ireland","institution_ids":["https://openalex.org/I4210098805"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047925283","display_name":"Alejandro Mosquera","orcid":"https://orcid.org/0000-0002-6020-3569"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Alejandro Mosquera","raw_affiliation_strings":["Targeted Attack Analytics Symantec Corporation Reading, Berkshire, UK"],"affiliations":[{"raw_affiliation_string":"Targeted Attack Analytics Symantec Corporation Reading, Berkshire, UK","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5026833192"],"corresponding_institution_ids":["https://openalex.org/I1308906816"],"apc_list":null,"apc_paid":null,"fwci":2.0107,"has_fulltext":true,"cited_by_count":13,"citation_normalized_percentile":{"value":0.867464,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7168469429016113},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7067826986312866},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.6512099504470825},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6146199107170105},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.5521039366722107},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.485257625579834},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.47077178955078125},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.14760160446166992},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.12937325239181519}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7168469429016113},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7067826986312866},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.6512099504470825},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6146199107170105},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.5521039366722107},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.485257625579834},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.47077178955078125},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.14760160446166992},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.12937325239181519},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3339252.3339258","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3339252.3339258","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 14th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1810.02023","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1810.02023","pdf_url":"https://arxiv.org/pdf/1810.02023","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"public-domain","license_id":"https://openalex.org/licenses/public-domain","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"mag:2894791732","is_oa":true,"landing_page_url":"https://arxiv.org/pdf/1810.02023v1","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"doi:10.48550/arxiv.1810.02023","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.1810.02023","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1810.02023","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1810.02023","pdf_url":"https://arxiv.org/pdf/1810.02023","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"public-domain","license_id":"https://openalex.org/licenses/public-domain","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2894791732.pdf","grobid_xml":"https://content.openalex.org/works/W2894791732.grobid-xml"},"referenced_works_count":48,"referenced_works":["https://openalex.org/W17316494","https://openalex.org/W1492347181","https://openalex.org/W1531572846","https://openalex.org/W1561983441","https://openalex.org/W1815076433","https://openalex.org/W1951216520","https://openalex.org/W1954903228","https://openalex.org/W1981294881","https://openalex.org/W1995875735","https://openalex.org/W2018970719","https://openalex.org/W2064675550","https://openalex.org/W2078622638","https://openalex.org/W2079735306","https://openalex.org/W2101234009","https://openalex.org/W2102283838","https://openalex.org/W2144211451","https://openalex.org/W2146729596","https://openalex.org/W2160289821","https://openalex.org/W2169172206","https://openalex.org/W2188333210","https://openalex.org/W2296396094","https://openalex.org/W2402144811","https://openalex.org/W2510523362","https://openalex.org/W2518248186","https://openalex.org/W2528572867","https://openalex.org/W2546910111","https://openalex.org/W2557283755","https://openalex.org/W2565766771","https://openalex.org/W2584414817","https://openalex.org/W2591856843","https://openalex.org/W2594867206","https://openalex.org/W2620022311","https://openalex.org/W2744095836","https://openalex.org/W2766805006","https://openalex.org/W2773270814","https://openalex.org/W2786906486","https://openalex.org/W2950527759","https://openalex.org/W2951527505","https://openalex.org/W2963207607","https://openalex.org/W2963564844","https://openalex.org/W2964082701","https://openalex.org/W2964153729","https://openalex.org/W2964301649","https://openalex.org/W2993330478","https://openalex.org/W2993383518","https://openalex.org/W4251448448","https://openalex.org/W6675354045","https://openalex.org/W6734094136"],"related_works":["https://openalex.org/W2968390691","https://openalex.org/W2768793959","https://openalex.org/W3120836831","https://openalex.org/W2786906486","https://openalex.org/W3170053486","https://openalex.org/W3020685193","https://openalex.org/W1502620665","https://openalex.org/W3091621850","https://openalex.org/W2471817886","https://openalex.org/W39384509","https://openalex.org/W3120991519","https://openalex.org/W2865829684","https://openalex.org/W3016381014","https://openalex.org/W2042378654","https://openalex.org/W2951200537","https://openalex.org/W3080746210","https://openalex.org/W2519761291","https://openalex.org/W2501554705","https://openalex.org/W3029189887","https://openalex.org/W2290910994"],"abstract_inverted_index":{"Modern":[0],"malware":[1,250],"typically":[2],"makes":[3,81],"use":[4,71],"of":[5,49,60,92,145,164,206,247],"a":[6,90,105,121,143,146,228,245,248],"domain":[7,78,153,231],"generation":[8],"algorithm":[9],"(DGA)":[10],"to":[11,31,38,74,186,203],"avoid":[12],"command":[13,41],"and":[14,42,64,183,197],"control":[15,43],"domains":[16,34,51,63,124,167],"or":[17,21],"IPs":[18],"being":[19],"seized":[20],"sinkholed.":[22],"This":[23],"means":[24],"that":[25,114,177,214,220],"an":[26,36,53,234],"infected":[27],"system":[28],"may":[29],"attempt":[30,37],"access":[32],"many":[33,69],"in":[35,227],"contact":[39],"the":[40,46,58,98,160,204,207,239],"server.":[44],"Therefore,":[45],"automatic":[47,82],"detection":[48,83,251],"DGA":[50,95,106,122,171,190,212,230],"is":[52,142,162,184,209],"important":[54],"task,":[55],"both":[56],"for":[57,94,211],"sake":[59],"blocking":[61],"malicious":[62],"identifying":[65,166],"compromised":[66],"hosts.":[67],"However,":[68],"DGAs":[70],"English":[72,110,132,216],"wordlists":[73],"generate":[75],"plausibly":[76],"clean-looking":[77],"names;":[79],"this":[80,86,101,115,221],"difficult.":[84],"In":[85],"work,":[87],"we":[88],"devise":[89],"notion":[91],"difficulty":[93],"families":[96,191,213],"called":[97],"smashword":[99],"score;":[100],"measures":[102],"how":[103,119],"much":[104,120],"family":[107],"looks":[108],"like":[109,126],"words.":[111,133,217],"We":[112,134,218],"find":[113],"measure":[116],"accurately":[117],"reflects":[118],"family's":[123],"look":[125],"they":[127],"are":[128],"made":[129],"from":[130],"natural":[131],"then":[135],"describe":[136],"our":[137,178],"new":[138],"modeling":[139],"approach,":[140],"which":[141],"combination":[144],"novel":[147],"recurrent":[148],"neural":[149],"network":[150],"architecture":[151],"with":[152],"registration":[154],"side":[155],"information.":[156],"Our":[157,173],"experiments":[158,174],"show":[159,176],"model":[161,179,222,240],"capable":[163],"effectively":[165],"generated":[168],"by":[169],"difficult":[170,189],"families.":[172],"also":[175],"outperforms":[180],"existing":[181],"approaches,":[182],"able":[185],"reliably":[187],"detect":[188],"such":[192],"as":[193,233,244],"matsnu,":[194],"suppobox,":[195],"rovnix,":[196],"others.":[198],"The":[199],"model's":[200],"performance":[201],"compared":[202],"state":[205],"art":[208],"best":[210],"resemble":[215],"believe":[219],"could":[223,241],"either":[224],"be":[225,242],"used":[226,243],"standalone":[229],"detector---such":[232],"endpoint":[235],"security":[236],"application---or":[237],"alternately":[238],"part":[246],"larger":[249],"system.":[252]},"counts_by_year":[{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}