65 lines
2.5 KiB
JSON
65 lines
2.5 KiB
JSON
{
|
|
"namespace": "dga",
|
|
"expanded": "Domain-Generation Algorithms",
|
|
"description": "A taxonomy to describe domain-generation algorithms often called DGA. Ref: A Comprehensive Measurement Study of Domain Generating Malware Daniel Plohmann and others.",
|
|
"version": 2,
|
|
"predicates": [
|
|
{
|
|
"value": "generation-scheme",
|
|
"expanded": "Generation scheme used for the DGA"
|
|
},
|
|
{
|
|
"value": "seeding",
|
|
"expanded": "Seeding scheme used for the DGA"
|
|
}
|
|
],
|
|
"values": [
|
|
{
|
|
"predicate": "generation-scheme",
|
|
"entry": [
|
|
{
|
|
"value": "arithmetic",
|
|
"expanded": "Arithmetic",
|
|
"description": "Calculate a sequence of values that either have a direct ASCII representation usable for a domain name or designate an offset in one or more hard- coded arrays, constituting the alphabet of the DGA. "
|
|
},
|
|
{
|
|
"value": "hash",
|
|
"expanded": "Hash",
|
|
"description": "Use the hexdigest representation of a hash to produce the domain."
|
|
},
|
|
{
|
|
"value": "wordlist",
|
|
"expanded": "Wordlist",
|
|
"description": "Concatenate a sequence of words from one or more wordlists, resulting in less randomly appealing and thus more camouflaging domains"
|
|
},
|
|
{
|
|
"value": "permutation",
|
|
"expanded": "Permutation",
|
|
"description": "derive all possible AGDs (Algorithmically-Generated Domain) through permutation of an initial domain name."
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"predicate": "seeding",
|
|
"entry": [
|
|
{
|
|
"value": "time-dependent",
|
|
"expanded": "The DGA uses temporal information in the seeding for its domain generation, resulting in sets of domains with certain validity time spans."
|
|
},
|
|
{
|
|
"value": "time-independent",
|
|
"expanded": "The DGA does not rely on temporal information in the seeding for its domain generation, resulting in a single set of domains."
|
|
},
|
|
{
|
|
"value": "deterministic",
|
|
"expanded": "Given the implementation of the DGA and a seed, its full set of possible domains can be calculated at any point in time."
|
|
},
|
|
{
|
|
"value": "non-deterministic",
|
|
"expanded": "Domains depend on unpredictable seed input, e.g. on external dynamic information that can be published at a later time (e.g. via posting on social media), on data specific to the system it is executed on, or on arbitrary non-predictable PRNG output."
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|