{"id":"https://openalex.org/W4281856661","doi":"https://doi.org/10.1145/3538969.3538990","title":"Detecting Unknown DGAs without Context Information","display_name":"Detecting Unknown DGAs without Context Information","publication_year":2022,"publication_date":"2022-08-17","ids":{"openalex":"https://openalex.org/W4281856661","doi":"https://doi.org/10.1145/3538969.3538990"},"language":"en","primary_location":{"id":"doi:10.1145/3538969.3538990","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3538969.3538990","pdf_url":null,"source":{"id":"https://openalex.org/S4363608926","display_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2205.14940","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063993176","display_name":"Arthur Drichel","orcid":"https://orcid.org/0000-0001-7326-7273"},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Arthur Drichel","raw_affiliation_strings":["RWTH Aachen University, Germany"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University, Germany","institution_ids":["https://openalex.org/I887968799"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069473892","display_name":"Justus von Brandt","orcid":null},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Justus von Brandt","raw_affiliation_strings":["RWTH Aachen University, Germany"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University, Germany","institution_ids":["https://openalex.org/I887968799"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001580305","display_name":"Ulrike Meyer","orcid":"https://orcid.org/0000-0002-2569-1042"},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ulrike Meyer","raw_affiliation_strings":["RWTH Aachen University, Germany"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University, Germany","institution_ids":["https://openalex.org/I887968799"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5063993176"],"corresponding_institution_ids":["https://openalex.org/I887968799"],"apc_list":null,"apc_paid":null,"fwci":1.3855,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.76938916,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"12"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12111","display_name":"Industrial Vision Systems and Defect Detection","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/2209","display_name":"Industrial and Manufacturing Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12111","display_name":"Industrial Vision Systems and Defect Detection","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/2209","display_name":"Industrial and Manufacturing Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12535","display_name":"Machine Learning and Data Classification","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6187934875488281},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5963649749755859},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.33559346199035645},{"id":"https://openalex.org/keywords/geography","display_name":"Geography","score":0.19700992107391357}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6187934875488281},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5963649749755859},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.33559346199035645},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.19700992107391357},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3538969.3538990","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3538969.3538990","pdf_url":null,"source":{"id":"https://openalex.org/S4363608926","display_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2205.14940","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2205.14940","pdf_url":"https://arxiv.org/pdf/2205.14940","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:publications.rwth-aachen.de:852505","is_oa":false,"landing_page_url":"https://publications.rwth-aachen.de/record/852505","pdf_url":null,"source":{"id":"https://openalex.org/S4306401033","display_name":"RWTH Publications (RWTH Aachen)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I887968799","host_organization_name":"RWTH Aachen University","host_organization_lineage":["https://openalex.org/I887968799"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security<br/>17. International Conference on Availability, Reliability and Security, ARES 2022, Vienna, Austria, 2022-08-23 - 2022-08-26","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2205.14940","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2205.14940","pdf_url":"https://arxiv.org/pdf/2205.14940","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5699999928474426}],"awards":[{"id":"https://openalex.org/G5200176330","display_name":null,"funder_award_id":"833418","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"}],"funders":[{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W1561983441","https://openalex.org/W1585610988","https://openalex.org/W2146082061","https://openalex.org/W2350778671","https://openalex.org/W2464432954","https://openalex.org/W2531327146","https://openalex.org/W2546910111","https://openalex.org/W2768793959","https://openalex.org/W2786906486","https://openalex.org/W2867167548","https://openalex.org/W2884282566","https://openalex.org/W2889547652","https://openalex.org/W2920311927","https://openalex.org/W2963061824","https://openalex.org/W2963384319","https://openalex.org/W2981902149","https://openalex.org/W3034230713","https://openalex.org/W3036942035","https://openalex.org/W3038869516","https://openalex.org/W3112858938","https://openalex.org/W3171087525","https://openalex.org/W3195607362","https://openalex.org/W4288079986"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W4402327032","https://openalex.org/W2382290278"],"abstract_inverted_index":{"New":[0],"malware":[1,88],"emerges":[2],"at":[3,77],"a":[4,95,122,132,165,169,210,222],"rapid":[5],"pace":[6],"and":[7,23,40,120,135,189,207],"often":[8],"incorporates":[9],"Domain":[10],"Generation":[11],"Algorithms":[12],"(DGAs)":[13],"to":[14,20,32,46,72,85,139,191,213,235],"avoid":[15],"blocking":[16],"the":[17,21,47,78,83,99,129,148,177,192,197],"malware\u2019s":[18],"connection":[19],"command":[22],"control":[24],"(C2)":[25],"server.":[26],"Current":[27],"state-of-the-art":[28,154],"classifiers":[29,56,67],"are":[30,75,200],"able":[31],"separate":[33],"benign":[34],"from":[35],"malicious":[36],"domains":[37,59,71],"(binary":[38],"classification)":[39],"attribute":[41],"them":[42,51],"with":[43,144,168,221],"high":[44,145],"probability":[45],"DGAs":[48,63,73,143],"that":[49,74,229],"generated":[50],"(multiclass":[52],"classification).":[53],"While":[54],"binary":[55],"can":[57,68,230],"label":[58],"of":[60,80,101,108,131,171,180,196,225],"yet":[61,124],"unknown":[62,142],"as":[64],"malicious,":[65],"multiclass":[66],"only":[69],"assign":[70],"known":[76,158,181],"time":[79],"training,":[81],"limiting":[82],"ability":[84],"uncover":[86],"new":[87,102],"families.":[89,174],"In":[90],"this":[91],"work,":[92],"we":[93],"perform":[94],"comprehensive":[96],"study":[97,220],"on":[98,128,164,209],"detection":[100],"DGAs,":[103,182],"which":[104],"includes":[105],"an":[106,232],"evaluation":[107,161,184],"59,690":[109],"classifiers.":[110],"We":[111,216],"examine":[112],"four":[113],"different":[114,118],"approaches":[115,198],"in":[116],"15":[117],"configurations":[119],"propose":[121],"simple":[123],"effective":[125],"approach":[126,152],"based":[127,163],"combination":[130],"softmax":[133],"classifier":[134,234],"regular":[136],"expressions":[137],"(regexes)":[138],"detect":[140],"multiple":[141],"probability.":[146],"At":[147],"same":[149],"time,":[150],"our":[151,183,219],"retains":[153],"classification":[155],"performance":[156],"for":[157],"DGAs.":[159],"Our":[160],"is":[162,186],"leave-one-group-out":[166],"cross-validation":[167],"total":[170],"94":[172],"DGA":[173],"By":[175],"using":[176],"maximum":[178],"number":[179],"scenario":[185],"particularly":[187],"difficult":[188],"close":[190],"real":[193],"world.":[194],"All":[195],"examined":[199],"privacy-preserving,":[201],"since":[202],"they":[203],"operate":[204],"without":[205],"context":[206],"exclusively":[208],"single":[211],"domain":[212],"be":[214],"classified.":[215],"round":[217],"up":[218],"thorough":[223],"discussion":[224],"class-incremental":[226],"learning":[227],"strategies":[228],"adapt":[231],"existing":[233],"newly":[236],"discovered":[237],"classes.":[238]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}