TY - JOUR
T1 - NIOM-DGA: Nature-inspired optimised ML-based model for DGA detection
AU - Jeremiah, Daniel
AU - Rafiq, Husnain
AU - Ta, Vinh Thong
AU - Usman, Muhammad
AU - Raza, Mohsin
AU - Awais, Muhammad
N1 - Data availability: Data will be made available on request.
Dataset used for this research: The cleaned dataset that was used for feature engineering can be downloaded here: NIOM-DGA-Research.
PY - 2025/10
Y1 - 2025/10
N2 - Domain Generation Algorithms (DGAs) allow malware to evade detection by generating millions of random domains daily for Command-and-Control (C&C) communication, challenging traditional detection methods. This work presents NIOM-DGA, a novel machine learning model that applies nature-inspired algorithms (NIAs) to select an optimal subset of 78 features from a dataset of over 16 million domain names, including several features not traditionally used in DGA detection. This approach enhances accuracy, robustness, and generalisability, achieving up to 98.3% accuracy—outperforming most existing approaches. Further testing on 10 external datasets with over 37 million domains confirms an average classification accuracy of 95.7%. Designed for seamless integration into SIEM, EDR, XDR, and cloud security platforms, NIOM-DGA significantly improves DGA detection compared to existing methods, advancing practical threat detection capabilities.
KW - Domain Generation Algorithm
KW - Machine Learning
KW - Malware
KW - Nature Inspired Optimisation
UR - http://www.scopus.com/inward/record.url?scp=105008766597&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2025.104561
DO - 10.1016/j.cose.2025.104561
M3 - Article
AN - SCOPUS:105008766597
SN - 0167-4048
VL - 157
JO - Computers and Security
JF - Computers and Security
M1 - 104561
ER -