Skip to content

Zenithar/dgabloom

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

cmd

cmd

 
 

generators

generators

 
 

vendor

vendor

 
 

.editorconfig

.editorconfig

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

build.sh

build.sh

 
 

main.go

main.go

 
 

Repository files navigation

DGABloom

This product uses bloom filters to help users to identify if a domain is used as a malware domain.

Why using bloom filter ?

Bloom filters are probabilistic space efficient data algorithm, it is generally used for checking if a given data is present in a dataset.

UseCase(s)

  • Check a domain using the cli
  • Use the database in a proxy (not developed)

Pro / Cons

  • Pro :

    • Space efficient (database takes only few MBs)
    • Quick lookup for checking if the domain is not is the set

  • Con :

    • Could generate false positives
    • Could not list all members of a dataset

DGA Algorithms

Todo

  • Redis storage
  • gRPC microservice
  • HTTP Proxy

Usage

Generate the filter

#> dgabloom build -b 365 -a 10

Generates bloom filter since 365 in the past and 10 days in the future.

Check if a domain is known as a DGA domain

#> dgabloom check zenithar.org
zenithar.org,false

Multiple checks

#> dgabloom check ruoectomayrj.pw hoflddlod.org zenithar.org
ruoectomayrj.pw,true
hoflddlod.org,true
zenithar.org,false

About

Golang DGA generator and bloom filter builder

Topics

bloom-filter dga-domains dga-detection

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages