Show/Hide Menu
Hide/Show Apps
Logout
Türkçe
Türkçe
Search
Search
Login
Login
OpenMETU
OpenMETU
About
About
Open Science Policy
Open Science Policy
Open Access Guideline
Open Access Guideline
Postgraduate Thesis Guideline
Postgraduate Thesis Guideline
Communities & Collections
Communities & Collections
Help
Help
Frequently Asked Questions
Frequently Asked Questions
Guides
Guides
Thesis submission
Thesis submission
MS without thesis term project submission
MS without thesis term project submission
Publication submission with DOI
Publication submission with DOI
Publication submission
Publication submission
Supporting Information
Supporting Information
General Information
General Information
Copyright, Embargo and License
Copyright, Embargo and License
Contact us
Contact us
A Hybrid Deep Learning Framework for Advanced Detection of Domain Generation Algorithms
Download
MSc Thesis Sinan DÜZTAŞ.pdf
Sinan Düztaş Tez Dökümanları.pdf
Date
2026-1-16
Author
Düztaş, Sinan
Metadata
Show full item record
This work is licensed under a
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License
.
Item Usage Stats
152
views
0
downloads
Cite This
Cyber threat actors (CTAs) rely on botnets to carry out a wide range of malicious operations. These botnets are controlled by command-and-control (C2) servers. If these servers are exposed, CTAs can be detected and their activities can be disrupted. In order to disguise their C2 servers, CTAs employ domain generation algorithms (DGAs). These algorithms produce large number of random domain names. CTAs use DGAs to bypass traditional detection mechanisms like blacklisting or static signature-based solutions. Since blacklisting all DGA-generated domains is not possible, the automatic detection of DGAs remains a critical necessity. The problem of distinguishing legitimate domains from DGA generated domains is an ongoing challenge. Despite years of research, modern malware continues to evolve, and this makes detection increasingly difficult. Traditional machine learning models for DGA detection heavily rely on verbal analysis of domain names through manual feature engineering. However, these models are time-consuming to construct and often produce high false positive rates. This thesis addresses these limitations by employing a hybrid framework that integrates CNN based n-gram learning and LSTM for automatic feature extraction and Logistic Regression (LR) for final classification. The model input is further enriched by Top-Level Domain (TLD) information for improved accuracy. The model is trained with a publicly available dataset compiled from ICANN, Alexa and DGArchive. Its performance is compared against other deep learning models like CNN, LSTM, GRU and Transformers. This research aims to contribute to the cybersecurity domain by offering a comprehensive solution for detecting DGAs through a novel hybrid framework that enhances overall detection performance.
Subject Keywords
Domain Generation Algorithm (DGA)
,
Convolutional Neural Network (CNN)
,
Long Short-Term Memory (LSTM)
,
Logistic Regression (LR)
,
Top Level Domain (TLD)
URI
https://hdl.handle.net/11511/118343
Collections
Graduate School of Informatics, Thesis
Citation Formats
IEEE
ACM
APA
CHICAGO
MLA
BibTeX
S. Düztaş, “A Hybrid Deep Learning Framework for Advanced Detection of Domain Generation Algorithms,” M.S. - Master of Science, Middle East Technical University, 2026.
