REMaDD: Resource-Efficient Malicious Domains Detector in Large-Scale Networks

Ofir Erets Kdosha, Gilad Rosenthal, Kobi Cohen, Alon Freund, Avishay Bartik, Aviv Ron

Research output: Contribution to journal, Article, peer-review

1 Scopus citations


Detecting malicious activities in cyber systems is a major challenge for cybersecurity service providers. Due to the large amount of network traffic, it is often likened to finding a needle in a haystack. The Domain Name System (DNS) is one of the fundamental protocols of the internet, and therefore it can give a broad view of those malicious activities, which abuse it and leave fingerprints as part of their attack vector. In this collaborative research between Ben-Gurion University and IBM, a significant performance improvement was achieved in detecting malicious domains as compared to the state-of-the-art software solutions. Specifically, we establish a novel algorithm to detect malicious domains in large-scale DNS traffic, named Resource-Efficient Malicious Domain Detector (REMaDD), with the following desired properties. First, the algorithm does not require prior knowledge of historical malicious activities in its real-time operations. Second, the development used real live streaming data from The Inter-University Computation Center (IUCC), and operated on a real-time IBM system. The algorithm is highly computationally efficient and satisfies real-time requirements in terms of running time and computational complexity. REMaDD demonstrated strong performance in terms of both detection accuracy and computational efficiency as compared to existing algorithms. Specifically, experimental results in an IBM production environment demonstrated that REMaDD achieved an 89.4% Precision score and an 82.9% Recall score. By contrast, the DomainObserver and LSTM.MI algorithms achieved only 76.7% and 67.2% Precision scores, and 81.7% and 75.3% Recall scores, respectively.

Original language: English
Article number: 9056547
Pages (from-to): 66327-66337
Number of pages: 11
Journal: IEEE Access
State: Published - 1 Jan 2020


  • Cyber security
  • detection algorithms
  • domain name system (DNS)
  • real-time algorithms

ASJC Scopus subject areas

  • General Computer Science
  • General Materials Science
  • General Engineering

