An end-to-end framework for private DGA detection as a service
Fig 2
Illustration of the use of a DGA.
The botmaster and malware on an infected client generate the same list of domain names. The botmaster registers a domain from the list. The malware attempts to resolve each domain from the list with the DNS until it finds the registered domain and a connection between the infected client and the C&C is successfully established.