New DGA 2.0 Classifier
Domain generation algorithms (DGAs) are used by attackers to randomly generate host names to bypass security products with blocking capabilities. These algorithms are commonly used for communication in botnets and adware. Because the host names are dynamically generated, they can bypass security products that rely on static, signature-based watchlists that would otherwise block them.
While global threat alerts has supported the detection of DGA domains since 2015, the DGA 2.0 classifier is a new model built on a neural network (a state-of-the-art solution for text processing) instead of the older random forests. This architectural refresh, together with a newly crafted training set, doubles the recall (number of true positives) while producing fewer false positives.
This can be seen in
.