Welcome to the DGA/DNS detection repository. This project collects relevant literature, datasets and additional resources related to the detection of Domain Generation Algorithms (DGA) and their application in DNS traffic analysis.
Domain Generation Algorithms (DGAs) are widely used by modern malware to dynamically generate seemingly random domain names. These domains serve as communication points to Command & Control (C&C) servers, making it difficult for traditional security mechanisms like blacklists to keep up. Effective detection of DGA domains is therefore a key topic in cybersecurity. State-of-the-art approaches leverage machine learning and deep learning to distinguish DGA domains from legitimate ones. Techniques include classical ML models, LSTM, RNN, and Transformer architectures, as well as recent applications of Large Language Models (LLMs).
The code in this repository is released under the MIT License.
You are free to use, modify, and distribute it, provided you include proper attribution.
The datasets and documentation are provided under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License.
This means you may share and adapt the material for non-commercial purposes, as long as you give appropriate credit and distribute any derivative works under the same license.
The datasets that include material from DGArchive are specifically provided under the CC BY-NC-SA 4.0 license.
For details, see the License file.
If you have questions, suggestions, or would like to collaborate, feel free to reach out. I’m happy to discuss ideas and exchange insights on DGA/DNS detection or related topics in cybersecurity.