Deep learning DGA malicious domain name detection based on multi-stage feature fusion

Abstract

In recent years, cybersecurity issues have emerged one after another, with botnets extensively utilizing Domain Generation Algorithms (DGA) to evade detection. To address the issue of insufficient detection accuracy in existing DGA malicious domain detection models, this paper proposes a deep learning detection model based on multi-stage feature fusion. By extracting local feature information and positional information of domain name sequences through the fusion of Multilayer Convolutional Neural Network (MCNN) and Transformer, and capturing the long-distance contextual semantic features of domain name sequences through Bi-directional Long Short-Term Memory Network (BiLSTM), these features are finally fused for malicious domain classification. Experimental results show that the model maintains an average Accuracy of 93.26% and an average F1-Score of 93.32% for 33 DGA families, demonstrating better comprehensive detection performance compared to other deep learning detection algorithms.