Abstract
This work analyzes the use of large language models (LLMs) for detecting domain generation algorithms (DGAs). We perform a detailed evaluation of two important techniques: In-Context Learning (ICL) and Supervised Fine-Tuning (SFT), showing how they can improve detection. SFT increases performance by using domain-specific data, whereas ICL helps the detection model to quickly adapt to new threats without requiring much retraining. We use Meta's Llama3 8B model on a custom dataset with 68 malware families and normal domains, covering several hard-to-detect schemes, including recent word-based DGAs. The results show that LLM-based methods can achieve competitive results in DGA detection. In particular, the SFT-based LLM DGA detector outperforms state-of-the-art models using attention layers, achieving 94% accuracy with a 4% false positive rate (FPR) and excelling at detecting word-based DGA domains.