After infecting a target machine, many malicious programs need to communicate with a command & control server ( C & C) that is controlled by the malware author. In order to avoid detection and subvert defensive measures, malware authors employ domain generation algorithms (DGA), which enable the malware to generate hundreds or thousands of new domains, one of which is then registered by the malware author as the location of the C&C server.