Stealthy Domain Generation Algorithms

Botnets are groups of compromised computers that botmasters (botherders) use to launch attacks over the Internet. To avoid detection, botnets use DNS fast flux to change the mapping between IP addresses and domain names periodically. Domain generation algorithms (DGAs) are employed to generate a lar...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on information forensics and security Vol. 12; no. 6; pp. 1430 - 1443
Main Authors Yu Fu, Lu Yu, Hambolu, Oluwakemi, Ozcelik, Ilker, Husain, Benafsh, Jingxuan Sun, Sapra, Karan, Dan Du, Beasley, Christopher Tate, Brooks, Richard R.
Format Journal Article
LanguageEnglish
Published New York IEEE 01.06.2017
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Algorithms
BotDigger
botnet
Computer simulation
Cybersecurity
DGA
DGA detection
Domain names
edit distance
Game theory
Grammars
Hidden Markov models
HMM
Indexes
intrusion detection
IP (Internet Protocol)
Jaccard index
Kullback-Leibler distance
Malware
Markov chains
Measurement
PCFG
Personnel
Pleiades
Probabilistic logic
Probability distribution
Security
Security personnel
Online AccessGet full text
ISSN1556-6013
1556-6021
DOI10.1109/TIFS.2017.2668361

Cover

Abstract Botnets are groups of compromised computers that botmasters (botherders) use to launch attacks over the Internet. To avoid detection, botnets use DNS fast flux to change the mapping between IP addresses and domain names periodically. Domain generation algorithms (DGAs) are employed to generate a large number of domain names. Detection techniques have been proposed to identify malicious domain names generated by DGAs. Three metrics, Kullback-Leibler (KL) distance, Edit distance (ED), and Jaccard index (JI), are used to detect botnet domains with up to 100% detection rate and 2.5% false-positive rate. In this paper, we propose two DGAs that use hidden Markov models (HMMs) and probabilistic context-free grammars (PCFGs), respectively. Experiment results show that DGA detection metrics (KL, JI, and ED) and detection systems (BotDigger and Pleiades) have difficulty detecting domain names generated using the proposed approaches. Game theory is used to optimize strategies for both botmasters and security personnel. Results show that, to optimize DGA detection, security personnel should use the ED detection technique with probability 0.78 and JI detection with probability 0.22, and botmasters should choose the HMM-based DGA with probability 0.67 and PCFG-based DGA with probability 0.33.
AbstractList Botnets are groups of compromised computers that botmasters (botherders) use to launch attacks over the Internet. To avoid detection, botnets use DNS fast flux to change the mapping between IP addresses and domain names periodically. Domain generation algorithms (DGAs) are employed to generate a large number of domain names. Detection techniques have been proposed to identify malicious domain names generated by DGAs. Three metrics, Kullback-Leibler (KL) distance, Edit distance (ED), and Jaccard index (JI), are used to detect botnet domains with up to 100% detection rate and 2.5% false-positive rate. In this paper, we propose two DGAs that use hidden Markov models (HMMs) and probabilistic context-free grammars (PCFGs), respectively. Experiment results show that DGA detection metrics (KL, JI, and ED) and detection systems (BotDigger and Pleiades) have difficulty detecting domain names generated using the proposed approaches. Game theory is used to optimize strategies for both botmasters and security personnel. Results show that, to optimize DGA detection, security personnel should use the ED detection technique with probability 0.78 and JI detection with probability 0.22, and botmasters should choose the HMM-based DGA with probability 0.67 and PCFG-based DGA with probability 0.33.
Author Brooks, Richard R.
Husain, Benafsh
Dan Du
Beasley, Christopher Tate
Jingxuan Sun
Lu Yu
Hambolu, Oluwakemi
Yu Fu
Sapra, Karan
Ozcelik, Ilker
Author_xml – sequence: 1
  surname: Yu Fu
  fullname: Yu Fu
  email: fu2@g.clemson.edu
  organization: Holcombe Dept. of Electr. & Comput. Eng., Clemson Univ., Clemson, SC, USA
– sequence: 2
  surname: Lu Yu
  fullname: Lu Yu
  email: lyu@g.clemson.edu
  organization: Holcombe Dept. of Electr. & Comput. Eng., Clemson Univ., Clemson, SC, USA
– sequence: 3
  givenname: Oluwakemi
  surname: Hambolu
  fullname: Hambolu, Oluwakemi
  email: ohambol@g.clemson.edu
  organization: Holcombe Dept. of Electr. & Comput. Eng., Clemson Univ., Clemson, SC, USA
– sequence: 4
  givenname: Ilker
  surname: Ozcelik
  fullname: Ozcelik, Ilker
  email: iozceli@g.clemson.edu
  organization: Holcombe Dept. of Electr. & Comput. Eng., Clemson Univ., Clemson, SC, USA
– sequence: 5
  givenname: Benafsh
  surname: Husain
  fullname: Husain, Benafsh
  email: bhusain@g.clemson.edu
  organization: Sch. of Comput., Clemson Univ., Clemson, SC, USA
– sequence: 6
  surname: Jingxuan Sun
  fullname: Jingxuan Sun
  email: jingxus@g.clemson.edu
  organization: Holcombe Dept. of Electr. & Comput. Eng., Clemson Univ., Clemson, SC, USA
– sequence: 7
  givenname: Karan
  surname: Sapra
  fullname: Sapra, Karan
  email: ksapra@g.clemson.edu
  organization: Holcombe Dept. of Electr. & Comput. Eng., Clemson Univ., Clemson, SC, USA
– sequence: 8
  surname: Dan Du
  fullname: Dan Du
  email: ddu@g.clemson.edu
  organization: Holcombe Dept. of Electr. & Comput. Eng., Clemson Univ., Clemson, SC, USA
– sequence: 9
  givenname: Christopher Tate
  surname: Beasley
  fullname: Beasley, Christopher Tate
  email: beasle6@g.clemson.edu
  organization: Holcombe Dept. of Electr. & Comput. Eng., Clemson Univ., Clemson, SC, USA
– sequence: 10
  givenname: Richard R.
  surname: Brooks
  fullname: Brooks, Richard R.
  email: rrb@g.clemson.edu
  organization: Holcombe Dept. of Electr. & Comput. Eng., Clemson Univ., Clemson, SC, USA
BookMark eNp9kMFOAjEQhhuDiYA-gPFCYjwudtpttz0SFCQh8QCem-1uKyXLFtty4O0BIRw8eJo5_N_8ma-HOq1vDUKPgIcAWL4uZ5PFkGAohoRzQTncoC4wxjOOCXSuO9A71ItxjXGeAxdd9LJIpmzSaj9485vStYOpaU0ok_PtYNR8--DSahPv0a0tm2geLrOPvibvy_FHNv-czsajeVYRSVPGZMGs0ILVQCjVNdR1zhkmTGtdWVYJyagFySQlgtbWVhxkIYUsq5phnWvaR8_nu9vgf3YmJrX2u9AeKxWIgnNCMCbHFJxTVfAxBmPVNrhNGfYKsDrZUCcb6mRDXWwcmeIPU7n0-2YKpWv-JZ_OpDPGXJsKwUguOT0An59tBw
CODEN ITIFA6
CitedBy_id crossref_primary_10_1016_j_comcom_2020_04_033
crossref_primary_10_3390_electronics11030414
crossref_primary_10_1109_ACCESS_2020_3013494
crossref_primary_10_1007_s12243_024_01043_3
crossref_primary_10_1016_j_jisa_2022_103125
crossref_primary_10_1016_j_jisa_2022_103148
crossref_primary_10_1016_j_comnet_2022_109508
crossref_primary_10_1145_3191329
crossref_primary_10_1016_j_jisa_2020_102725
crossref_primary_10_1016_j_jisa_2021_102933
crossref_primary_10_1016_j_jnca_2021_103135
crossref_primary_10_1016_j_cose_2020_101777
crossref_primary_10_3390_electronics9071070
crossref_primary_10_1016_j_cose_2022_102803
crossref_primary_10_1002_ett_3505
crossref_primary_10_1016_j_cose_2019_04_015
crossref_primary_10_1109_TIFS_2023_3298229
crossref_primary_10_1109_TIFS_2023_3293956
crossref_primary_10_1109_COMST_2024_3382470
crossref_primary_10_1109_TII_2019_2940742
crossref_primary_10_1007_s10586_024_04363_0
crossref_primary_10_1080_19393555_2020_1834650
crossref_primary_10_3390_math12050640
crossref_primary_10_1109_ACCESS_2020_2988877
crossref_primary_10_1109_OJCOMS_2020_3038704
crossref_primary_10_3390_s23042217
crossref_primary_10_1016_j_compeleceng_2022_107841
crossref_primary_10_1016_j_cose_2023_103317
crossref_primary_10_3390_sym11020176
crossref_primary_10_1109_TIFS_2019_2960647
crossref_primary_10_1016_j_diin_2018_12_005
crossref_primary_10_1016_j_comcom_2022_05_012
crossref_primary_10_1016_j_jisa_2021_102948
crossref_primary_10_1016_j_comnet_2023_109992
crossref_primary_10_1109_TNSE_2023_3308126
crossref_primary_10_3390_electronics10091039
crossref_primary_10_1109_TEM_2021_3059664
crossref_primary_10_1109_TNSM_2022_3221981
crossref_primary_10_1145_3199477
crossref_primary_10_1109_JIOT_2023_3322716
crossref_primary_10_1007_s00500_018_03703_8
crossref_primary_10_1109_ACCESS_2019_2940554
Cites_doi 10.1007/3-540-36618-0_22
10.1145/1879141.1879148
10.1016/j.patrec.2009.06.008
10.1002/spe.885
10.1109/TIFS.2011.2173486
10.1145/1455518.1455525
10.1109/T-C.1973.223746
10.1145/2584679
10.1023/A:1010388907793
10.1147/JRD.2016.2557639
10.1145/1653662.1653738
10.1109/ISSREW.2014.20
10.1016/j.jare.2014.01.001
10.1109/ICICIC.2009.127
10.1002/asi.4630240406
10.1109/ICICIC.2008.422
10.1145/1053283.1053288
10.21236/ADA017676
10.1109/TIFS.2014.2357251
10.1109/TNET.2012.2184552
10.1145/2746266.2746275
10.1016/j.cose.2016.10.001
10.1109/TIT.1956.1056813
10.1109/MALWARE.2013.6703693
10.1214/aoms/1177729694
10.1148/radiology.143.1.7063747
10.1090/S0002-9904-1945-08391-8
10.1109/TKDE.2012.93
10.1109/MALWARE.2015.7413691
10.1109/ICDCS.2016.77
10.1017/CBO9780511809071
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2017
Copyright_xml – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2017
DBID 97E
RIA
RIE
AAYXX
CITATION
7SC
7SP
7TB
8FD
FR3
JQ2
KR7
L7M
L~C
L~D
DOI 10.1109/TIFS.2017.2668361
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005–Present
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
CrossRef
Computer and Information Systems Abstracts
Electronics & Communications Abstracts
Mechanical & Transportation Engineering Abstracts
Technology Research Database
Engineering Research Database
ProQuest Computer Science Collection
Civil Engineering Abstracts
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
DatabaseTitle CrossRef
Civil Engineering Abstracts
Technology Research Database
Computer and Information Systems Abstracts – Academic
Mechanical & Transportation Engineering Abstracts
Electronics & Communications Abstracts
ProQuest Computer Science Collection
Computer and Information Systems Abstracts
Engineering Research Database
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts Professional
DatabaseTitleList
Civil Engineering Abstracts
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
Computer Science
EISSN 1556-6021
EndPage 1443
ExternalDocumentID 10_1109_TIFS_2017_2668361
7852496
Genre orig-research
GrantInformation_xml – fundername: National Science Foundation
  grantid: ACI-1547245; CNS-1544910; ACI-1642143; CNS-1643020
  funderid: 10.13039/100000001
GroupedDBID 0R~
29I
4.4
5GY
5VS
6IK
97E
AAJGR
AARMG
AASAJ
AAWTH
ABAZT
ABQJQ
ABVLG
ACGFS
ACIWK
AENEX
AETIX
AGQYO
AGSQL
AHBIQ
AKJIK
AKQYR
ALMA_UNASSIGNED_HOLDINGS
ATWAV
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
CS3
DU5
EBS
EJD
HZ~
IFIPE
IPLJI
JAVBF
LAI
M43
O9-
OCL
P2P
PQQKQ
RIA
RIE
RNS
AAYXX
CITATION
7SC
7SP
7TB
8FD
FR3
JQ2
KR7
L7M
L~C
L~D
RIG
ID FETCH-LOGICAL-c293t-5975f8b85d1233bd1dd465025bbbcf5c8953f19593283dffc6197989acd50b4b3
IEDL.DBID RIE
ISSN 1556-6013
IngestDate Mon Jun 30 04:34:24 EDT 2025
Wed Oct 01 03:15:39 EDT 2025
Thu Apr 24 23:09:51 EDT 2025
Tue Aug 26 16:43:23 EDT 2025
IsPeerReviewed true
IsScholarly true
Issue 6
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
https://doi.org/10.15223/policy-029
https://doi.org/10.15223/policy-037
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c293t-5975f8b85d1233bd1dd465025bbbcf5c8953f19593283dffc6197989acd50b4b3
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ORCID 0000-0001-7949-0556
PQID 1876622002
PQPubID 85506
PageCount 14
ParticipantIDs crossref_primary_10_1109_TIFS_2017_2668361
crossref_citationtrail_10_1109_TIFS_2017_2668361
proquest_journals_1876622002
ieee_primary_7852496
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate 2017-06-01
PublicationDateYYYYMMDD 2017-06-01
PublicationDate_xml – month: 06
  year: 2017
  text: 2017-06-01
  day: 01
PublicationDecade 2010
PublicationPlace New York
PublicationPlace_xml – name: New York
PublicationTitle IEEE transactions on information forensics and security
PublicationTitleAbbrev TIFS
PublicationYear 2017
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher_xml – name: IEEE
– name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
References paganini (ref39) 2016
ref56
ref14
ref52
ref55
ref54
ref10
pereira (ref34) 2015
wei-wei (ref12) 2013
edwards (ref37) 2016
ref16
ref19
gasser (ref15) 1975
ref18
liang (ref48) 1983
marchal (ref17) 2012
newspaper (ref38) 2016
kasza (ref33) 2015
schiavoni (ref11) 2013
wolf (ref46) 2008
ref47
ref41
jurafsky (ref28) 2014
ref44
manning (ref57) 1999
manning (ref22) 1999
news (ref45) 2008
leder (ref43) 2008
heeringa (ref27) 2004
ref7
lu (ref50) 2012
ref4
ref3
ref6
ref5
ref40
von neumann (ref62) 1945; 51
barabosch (ref13) 2012
ref30
chi (ref59) 1999; 25
ref32
ref2
ref1
beale (ref53) 2003
(ref63) 2013
zhang (ref8) 2016
ref24
ref23
plohmann (ref31) 0
ref26
ref20
lu (ref51) 0; 43
ref21
levenshtein (ref25) 1966; 10
(ref35) 2012
ref29
leder (ref42) 2009
schwier (ref49) 2009
hagen (ref36) 2016
ref60
ref61
harris (ref58) 2002
antonakakis (ref9) 2012
References_xml – start-page: 1
  year: 2012
  ident: ref13
  article-title: Automatic extraction of domain name generation algorithms from current malware
  publication-title: Proc NATO Symp IST-111 Inf Assurance Cyber Defense
– ident: ref23
  doi: 10.1007/3-540-36618-0_22
– year: 2008
  ident: ref45
  publication-title: Spam on Rise After Brief Reprieve
– ident: ref7
  doi: 10.1145/1879141.1879148
– ident: ref60
  doi: 10.1016/j.patrec.2009.06.008
– ident: ref44
  doi: 10.1002/spe.885
– year: 2012
  ident: ref35
  publication-title: Domain Generation Algorithms (DGA) in Stealthy Malware
– year: 2016
  ident: ref38
  publication-title: Cracking of Sphinx Trojan DGA Opens the Door for Botnet Takedown
– year: 1983
  ident: ref48
  article-title: Word hy-phen-a-tion by com-put-er
– ident: ref41
  doi: 10.1109/TIFS.2011.2173486
– year: 2013
  ident: ref11
  article-title: Tracking and characterizing botnets using automatically generated domains
– ident: ref4
  doi: 10.1145/1455518.1455525
– ident: ref56
  doi: 10.1109/T-C.1973.223746
– volume: 43
  start-page: 806
  year: 0
  ident: ref51
  article-title: A normalized statistical metric space for hidden Markov models
  publication-title: IEEE Trans Cybern
– ident: ref5
  doi: 10.1145/2584679
– ident: ref54
  doi: 10.1023/A:1010388907793
– ident: ref32
  doi: 10.1147/JRD.2016.2557639
– ident: ref47
  doi: 10.1145/1653662.1653738
– year: 2013
  ident: ref63
  publication-title: Welcome to Project Sonar
– ident: ref16
  doi: 10.1109/ISSREW.2014.20
– ident: ref6
  doi: 10.1016/j.jare.2014.01.001
– year: 2014
  ident: ref28
  publication-title: Minimum Edit Distance-Definition of Minimum Edit Distance
– ident: ref1
  doi: 10.1109/ICICIC.2009.127
– ident: ref29
  doi: 10.1002/asi.4630240406
– year: 2002
  ident: ref58
  publication-title: The Theory of Branching Processes
– start-page: 263
  year: 0
  ident: ref31
  article-title: A comprehensive measurement study of domain generating malware
  publication-title: Proc 25th USENIX Secur Symp (USENIX Security) USENIX Assoc
– start-page: 408
  year: 2013
  ident: ref12
  article-title: Detecting machine generated domain names based on morpheme features
  publication-title: Proc Int Workshop Sec Cloud Comput
– volume: 10
  start-page: 707
  year: 1966
  ident: ref25
  article-title: Binary codes capable of correcting deletions, insertions and reversals
  publication-title: Sov Phys Doklady
– ident: ref14
  doi: 10.1002/spe.885
– start-page: 16
  year: 2016
  ident: ref8
  article-title: BotDigger: Detecting DGA bots in a single network
  publication-title: Proc IEEE Int Workshop Traffic Monitor Anal
– start-page: 491
  year: 2012
  ident: ref9
  article-title: From throw-away traffic to bots: Detecting the rise of DGA-based malware
  publication-title: Proc Usenix Secur Symp
– year: 2009
  ident: ref42
  article-title: Know your enemy: Containing conficker
– year: 1999
  ident: ref57
  publication-title: Foundations of Statistical Natural Language Processing
– start-page: 91
  year: 2012
  ident: ref17
  article-title: Semantic based DNS forensics
  publication-title: Proc IEEE Int Workshop Inf Forensics Secur (WIFS)
– ident: ref26
  doi: 10.1109/ICICIC.2008.422
– ident: ref10
  doi: 10.1145/1053283.1053288
– year: 1975
  ident: ref15
  article-title: A random word generator for pronounceable passwords
  doi: 10.21236/ADA017676
– ident: ref18
  doi: 10.1109/TIFS.2014.2357251
– ident: ref3
  doi: 10.1109/TNET.2012.2184552
– ident: ref61
  doi: 10.1145/2746266.2746275
– year: 2016
  ident: ref37
  publication-title: The Mad Max DGA
– volume: 25
  start-page: 131
  year: 1999
  ident: ref59
  article-title: Statistical properties of probabilistic context-free grammars
  publication-title: Comput Linguistics
– ident: ref20
  doi: 10.1016/j.cose.2016.10.001
– year: 2004
  ident: ref27
  article-title: Measuring dialect pronunciation differences using Levenshtein distance
– ident: ref55
  doi: 10.1109/TIT.1956.1056813
– ident: ref40
  doi: 10.1109/MALWARE.2013.6703693
– year: 2016
  ident: ref36
  publication-title: Why Domain Generating Algorithms (DGAS)
– ident: ref21
  doi: 10.1214/aoms/1177729694
– ident: ref24
  doi: 10.1148/radiology.143.1.7063747
– year: 2008
  ident: ref43
  publication-title: Containing Conficker
– volume: 51
  start-page: 498
  year: 1945
  ident: ref62
  article-title: Theory of games and economic behavior
  publication-title: Bull Amer Math Soc
  doi: 10.1090/S0002-9904-1945-08391-8
– ident: ref52
  doi: 10.1109/TKDE.2012.93
– year: 2008
  ident: ref46
  publication-title: Technical Details of Srizbi's Domain Generation Algorithm
– year: 2015
  ident: ref34
  publication-title: A Look Inside Tinba Botnets
– year: 1999
  ident: ref22
  publication-title: Foundations of Statistical Natural Language Processing
– ident: ref2
  doi: 10.1109/MALWARE.2015.7413691
– year: 2003
  ident: ref53
  publication-title: 12dicts Introduction-The 3ESL List
– ident: ref19
  doi: 10.1109/ICDCS.2016.77
– year: 2009
  ident: ref49
  article-title: Pattern recognition for command and control data systems
– year: 2015
  ident: ref33
  publication-title: Using Algorithms to Brute Force Algorithms
– ident: ref30
  doi: 10.1017/CBO9780511809071
– year: 2012
  ident: ref50
  article-title: Network traffic analysis using stochastic grammars
– year: 2016
  ident: ref39
  publication-title: Cisco Talos Profiled the Goznym Botnet After Cracking the Trojan DGA
SSID ssj0044168
Score 2.4569633
Snippet Botnets are groups of compromised computers that botmasters (botherders) use to launch attacks over the Internet. To avoid detection, botnets use DNS fast flux...
SourceID proquest
crossref
ieee
SourceType Aggregation Database
Enrichment Source
Index Database
Publisher
StartPage 1430
SubjectTerms Algorithms
BotDigger
botnet
Computer simulation
Cybersecurity
DGA
DGA detection
Domain names
edit distance
Game theory
Grammars
Hidden Markov models
HMM
Indexes
intrusion detection
IP (Internet Protocol)
Jaccard index
Kullback-Leibler distance
Malware
Markov chains
Measurement
PCFG
Personnel
Pleiades
Probabilistic logic
Probability distribution
Security
Security personnel
Title Stealthy Domain Generation Algorithms
URI https://ieeexplore.ieee.org/document/7852496
https://www.proquest.com/docview/1876622002
Volume 12
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVIEE
  databaseName: IEEE Electronic Library (IEL)
  customDbUrl:
  eissn: 1556-6021
  dateEnd: 99991231
  omitProxy: false
  ssIdentifier: ssj0044168
  issn: 1556-6013
  databaseCode: RIE
  dateStart: 20060101
  isFulltext: true
  titleUrlDefault: https://ieeexplore.ieee.org/
  providerName: IEEE
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3NT8IwFH8BTnoQBY0omh30Ytxg69p1R6ISNMGLkHBb1i8lwmZgXPzrbfdB_IrxtkPbNf2176P9vfcALoQkseCE2YoK7aB4PrNjxZDthyTGmMTcz-87xo9kNPUfZnhWg-ttLIyUMiefScd85m_5IuUbc1XWCyjW3gKpQz2gpIjVqqSu1upF2Jv-ga2dDFS-YLr9sDe5Hz4ZElfgaG1EEXG_6KC8qMoPSZyrl2ETxtXEClbJq7PJmMPfv-Vs_O_M92GvtDOtQbExDqAmkxY0qxoOVnmkW7D7KSFhGy4NvXehsbNu02U8T6wiK7UBzxosntPVPHtZrg9hOryb3IzsspCCzbU2z2ztNGBFGcVC6ynEhCuEry0zDzPGuMKchhgpk2UGaWNDKMW1VxWENIy5wH3mM3QEjSRN5DFYCnkcY6Y09MSPJWeBp6gvQ-W5RARUdKBfLW3EyyzjptjFIsq9jX4YGTQig0ZUotGBq22XtyLFxl-N22Z1tw3Lhe1At8IvKg_hOnK1pCeeYaGc_N7rFHbM2AXzqwuNbLWRZ9rGyNh5vrk-AC_lzJ0
linkProvider IEEE
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1JTwIxFH5BPKgHUdSIos5BL8YBZqbtdI5EJaDARUi4TaabElkMDBd_ve0sxC3GWw9t2vRr39J-7z2ASyFJJDhhtqJCOyguYnakmGejgEQYk4ij5L2j1yftIXoY4VEBbtaxMFLKhHwma6aZ_OWLOV-Zp7K6T7H2FsgGbGKEEE6jtXK5q_V6Gvimp7C1m-Flf5hOI6gPOq0nQ-Pya1ofUY84X7RQUlblhyxOFEyrBL18aSmv5LW2ilmNv3_L2vjfte_BbmZpWs30aOxDQc7KUMqrOFjZpS7DzqeUhAdwZQi-E42edTefRuOZlealNvBZzcnzfDGOX6bLQxi27ge3bTsrpWBzrc9jW7sNWFFGsdCaymPCEQJp28zFjDGuMKcB9pTJM-Npc0MoxbVf5Qc0iLjADYaYdwTF2Xwmj8FSnssxZkqDT1AkOfNdRZEMlOsQ4VNRgUa-tSHP8oybcheTMPE3GkFo0AgNGmGGRgWu10Pe0iQbf3U-MLu77phtbAWqOX5hdg2XoaNlPXEND-Xk91EXsNUe9Lpht9N_PIVtM0_KA6tCMV6s5Jm2OGJ2nhy0DxSGz-o
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Stealthy+Domain+Generation+Algorithms&rft.jtitle=IEEE+transactions+on+information+forensics+and+security&rft.au=Fu%2C+Yu&rft.au=Yu%2C+Lu&rft.au=Hambolu%2C+Oluwakemi&rft.au=Ozcelik%2C+Ilker&rft.date=2017-06-01&rft.issn=1556-6013&rft.eissn=1556-6021&rft.volume=12&rft.issue=6&rft.spage=1430&rft.epage=1443&rft_id=info:doi/10.1109%2FTIFS.2017.2668361&rft.externalDBID=n%2Fa&rft.externalDocID=10_1109_TIFS_2017_2668361
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1556-6013&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1556-6013&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1556-6013&client=summon