Domain generation algorithms (DGAs) are algorithms used by various malware families to periodically generate a large number of domain names that can serve as rendezvous points with their command and control servers. The large number of potential rendezvous points makes it difficult for law enforcement to effectively shut down botnets, since infected computers will attempt to contact some of these domain names every day to receive updates or commands. The use of public-key cryptography in malware code makes it infeasible for law enforcement and other actors to mimic commands from the malware controllers, as some worms will automatically reject any updates not signed by the malware controllers.
For example, an infected computer could create thousands of domain names such as www.<gibberish>.com and would attempt to contact a portion of these in order to receive an update or commands.
Embedding the DGA in the unobfuscated malware binary, instead of a list of domains previously generated by the command and control servers, protects against a strings dump that could be fed preemptively into a network blacklisting appliance to restrict outbound communication from infected hosts within an enterprise.
The technique was popularized by the worm family Conficker.a and .b, which at first generated 250 domain names per day. Starting with Conficker.C, the malware would generate 50,000 domain names every day, of which it would attempt to contact 500, giving an infected machine a 1% possibility of being updated every day if the malware controllers registered only one domain per day. To prevent infected computers from updating their malware, law enforcement would have needed to pre-register 50,000 new domain names every day. From the botnet owner's point of view, only one or a few domains have to be registered out of the several domains that each bot would query every day.
Recently, the technique has been adopted by other malware authors. According to network security firm Damballa, the top-5 most prevalent DGA-based crimeware families are Conficker, Murofet, BankPatch, Bonnana and Bobax as of 2011.[1]
A DGA can also combine words from a dictionary to generate domains. These dictionaries can be hard-coded in the malware or taken from a publicly accessible source.[2] Domains generated by a dictionary DGA tend to be more difficult to detect because of their similarity to legitimate domains.
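The detection consequence of the two DGA styles, as an added example that is not part of the original article: it scores per-host NXDOMAIN responses in a constructed DNS log two ways, by volume and by a crude lexical test (vowel ratio). The log format, thresholds, function names and sample domains are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample DNS log, "client qname rcode"; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.org NOERROR
10.0.0.5 typo-exmaple.example NXDOMAIN
10.0.0.7 www.xkqzjvwpbhte.example NXDOMAIN
10.0.0.7 www.qpwzmxnvbgur.example NXDOMAIN
10.0.0.7 www.zjxqakwphdmf.example NXDOMAIN
10.0.0.9 www.bluegardenriver.example NXDOMAIN
10.0.0.9 www.stonewindowpaper.example NXDOMAIN
10.0.0.9 www.greentablehouse.example NXDOMAIN
"""

def second_level_label(qname):
    # Naive: the label left of the TLD. Real deployments should use the Public Suffix List.
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def looks_random(label, min_len=8, max_vowel_ratio=0.2):
    # Crude lexical heuristic: long labels with very few vowels resemble random-character DGAs.
    letters = [c for c in label if c.isalpha()]
    if len(letters) < min_len:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < max_vowel_ratio

def analyze(log_text, nx_threshold=3):
    # Collect the distinct non-existent names each client asked for.
    nx = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[2] == "NXDOMAIN":
            nx[fields[0]].add(second_level_label(fields[1]))
    report = {}
    for client, labels in nx.items():
        random_like = sum(looks_random(label) for label in labels)
        report[client] = {
            "nxdomains": len(labels),
            "random_like": random_like,
            "flag_volume": len(labels) >= nx_threshold,    # many failed lookups
            "flag_lexical": random_like >= nx_threshold,   # many gibberish names
        }
    return report

if __name__ == "__main__":
    for client, row in sorted(analyze(SAMPLE_LOG).items()):
        print(client, row)
```

In this sample the host querying dictionary-style names is caught only by the NXDOMAIN volume check, while the host querying gibberish names trips both checks.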
[1] "Top-5 Most Prevalent DGA-based Crimeware Families" (PDF). Damballa. p. 4. Archived from the original (PDF) on 2016-04-03.
[2] Plohmann, Daniel; Yakdan, Khaled; Klatt, Michael; Bader, Johannes; Gerhards-Padilla, Elmar (2016). "A Comprehensive Measurement Study of Domain Generating Malware" (PDF). 25th USENIX Security Symposium: 263–278.