Automatic Generation and Classification of Malicious FQDN

Due to the increase in spam email and other anti-social behavior (such as the bot net command and control server) on the Internet, Domain Name System (DNS) blacklists (DNSBLs) have been created. These are “blacklists” of malicious hosts on the Internet that are reputed to send spam email and other anti-social behavior. Most email servers can be configured to reject messages that are sent from the hosts on these lists. Because it is difficult to keep up with new malicious hosts created every day, research is required to automate DNSBL generation. To address this problem, the application of machine learning is being studied thoroughly. Deep learning is considered to be a promising approach to classify the malicious host names. This study explores the risks of these approaches by showing a simple domain generation algorithm (DGA). This report shows the importance of attributes that are used rather than machine learning techniques. Researchers in machine learning and knowledge acquisition should focus on attributes that are more important in application fields than techniques when considering the practical applications.