domain generation algorithm (DGA)

A domain generation algorithm (DGA) is a computer program that creates slightly different variations of a given domain name.

If a website owner wants to use the domain name mysite.com for example, and a search on a domain-name registrar’s site revealed that the desired domain name was not unavailable, a DGA running in the site’s background might return suggestions for fifty similar site names that actually were available.

Download this free guide

Download: Your Complete Guide to IAM

Utilize this 66-page IAM guide to help you stay on top of the latest best practices and techniques. Security expert Michael Cobb explores the risks and rewards of biometrics measures and multifactor authentication, how organizations can assess if it is time to modernize IAM strategies, and much more.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

Botnet operators have discovered that DGAs can be used to hide the operator’s command and control (C&C) server and evade detection by blacklists, signature filters, reputation systems, intrusion prevention systems, security gateways and other security methods.  The scheme, which is called domain fluxing, is similar to hiding a needle (the C&C server) in a haystack (a long list of IP addresses).