Abstract: A computer-implemented method for domain analysis comprises: obtaining, by a computing device, a domain; and inputting, by the computing device, the obtained domain to a trained detection model to determine if the obtained domain was generated by one or more domain generation algorithms. The detection model comprises a neural network model, a n-gram-based machine learning model, and an ensemble layer. Inputting the obtained domain to the detection model comprises inputting the obtained domain to each of the neural network model and the n-gram-based machine learning model. The neural network model and the n-gram-based machine learning model both output to the ensemble layer. The ensemble layer outputs a probability that the obtained domain was generated by the domain generation algorithms.

Abstract: A computer-implemented method for domain analysis comprises: obtaining, by a computing device, a domain; and inputting, by the computing device, the obtained domain to a trained detection model to determine if the obtained domain was generated by one or more domain generation algorithms. The detection model comprises a neural network model, a n-gram-based machine learning model, and an ensemble layer. Inputting the obtained domain to the detection model comprises inputting the obtained domain to each of the neural network model and the n-gram-based machine learning model. The neural network model and the n-gram-based machine learning model both output to the ensemble layer. The ensemble layer outputs a probability that the obtained domain was generated by the domain generation algorithms.

Abstract: A computer-implemented method for domain analysis comprises: obtaining, by a computing device, a domain; and inputting, by the computing device, the obtained domain to a trained detection model to determine if the obtained domain was generated by one or more domain generation algorithms. The detection model comprises a neural network model, a n-gram-based machine learning model, and an ensemble layer. Inputting the obtained domain to the detection model comprises inputting the obtained domain to each of the neural network model and the n-gram-based machine learning model. The neural network model and the n-gram-based machine learning model both output to the ensemble layer. The ensemble layer outputs a probability that the obtained domain was generated by the domain generation algorithms.

Abstract: Malicious programs may be detected by obtaining program information of a program. A control flow graph may be generated based on the program information. The program may be identified as being potentially malicious based on one or more portions of the control flow graph.

Abstract: Malicious processes may be tracked by obtaining process history information of a computing device and obtaining an identification of a malicious software on the computing device. An associated process of the malicious software and actions of the associated process may be identified based on the process history information. Related processes of the associated process and actions of the related processes may be iteratively identified based on the process history information. Tracking information for the malicious software may be generated based on the associated process, the actions of the associated process, the related processes, and the actions of the related processes.

Abstract: A computer-implemented method for domain analysis comprises: obtaining, by a computing device, a domain; and inputting, by the computing device, the obtained domain to a trained detection model to determine if the obtained domain was generated by one or more domain generation algorithms. The detection model comprises a neural network model, a n-gram-based machine learning model, and an ensemble layer. Inputting the obtained domain to the detection model comprises inputting the obtained domain to each of the neural network model and the n-gram-based machine learning model. The neural network model and the n-gram-based machine learning model both output to the ensemble layer. The ensemble layer outputs a probability that the obtained domain was generated by the domain generation algorithms.

Abstract: Malicious processes may be tracked by obtaining process history information of a computing device and obtaining an identification of a malicious software on the computing device. An associated process of the malicious software and actions of the associated process may be identified based on the process history information. Related processes of the associated process and actions of the related processes may be iteratively identified based on the process history information. Tracking information for the malicious software may be generated based on the associated process, the actions of the associated process, the related processes, and the actions of the related processes.

Abstract: Malicious programs may be detected by obtaining program information of a program. A control flow graph may be generated based on the program information. The program may be identified as being potentially malicious based on one or more portions of the control flow graph.