Abstract
Domain generation algorithms (DGAs) represent a class of malware used to generate large numbers of new domain names to achieve command-and-control (C2) communication between the malware program and its C2 server to avoid detection by cybersecurity measures. Deep learning has proven successful in serving as a mechanism to implement real-time DGA detection, specifically through the use of recurrent neural networks (RNNs) and convolutional neural networks (CNNs). This paper compares several state-of-the-art deep-learning implementations of DGA detection found in the literature with two novel models: a deeper CNN model and a one-dimensional (1D) Capsule Networks (CapsNet) model. The comparison shows that the 1D CapsNet model performs as well as the best-performing model from the literature.
Highlights
Domain generation algorithms (DGAs) are a type of malware tool used by attackers to generate a large number of domain names on the fly
Before DGAs, malware used a static list of domain names, and cyber defenders neutralized the malware by blacklisting specific domain names
The models that were trained the fastest were the convolutional neural network (CNN) models, followed by the Long Short-Term Memory (LSTM) models and then the Capsule Networks (CapsNet) model, which took nearly twice as long to train as the LSTM models
Summary
Domain generation algorithms (DGAs) are a type of malware tool used by attackers to generate a large number of domain names on the fly. The character-level approach requires no external features and treats each character of the domain as a feature. It has been used with a variety of deep-learning models, including convolutional neural networks (CNNs)+LSTM [11], bidirectional LSTM [12] with embedding [11], simple one-dimensional (1D) CNNs with only a convolution layer and no maximum pooling layers [13], pre-trained CNN image classifiers [14], multiple CNNs in parallel [15], and class-imbalance LSTMs for identifying classes of DGAs [16].
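As an added illustration (not code from the paper or from any of the models it compares), the character-level input representation shared by the surveyed detectors: each domain becomes a fixed-length sequence of character indices with no external features, and a 1D convolution with global max pooling is written out in plain Python to show how such a layer reads that sequence. The alphabet, the length of 75 and the reserved PAD/OOV indices are assumptions made here, not values from the paper.

```python
import string

# Assumptions for this example (not taken from the paper): the character set
# is the valid hostname alphabet, sequences are padded/truncated to 75, and
# index 0 is padding while index 1 is the out-of-vocabulary (OOV) token.
ALPHABET = string.ascii_lowercase + string.digits + "-."
PAD, OOV = 0, 1
CHAR_TO_IDX = {c: i + 2 for i, c in enumerate(ALPHABET)}
VOCAB_SIZE = len(ALPHABET) + 2
MAX_LEN = 75

def encode_domain(domain, max_len=MAX_LEN):
    """Turn a domain string into a fixed-length list of character indices.

    Lowercases (DNS names are case-insensitive), maps unexpected characters
    to OOV rather than raising, truncates on the right and pads with PAD."""
    idx = [CHAR_TO_IDX.get(c, OOV) for c in domain.lower()[:max_len]]
    return idx + [PAD] * (max_len - len(idx))

def decode_domain(indices):
    """Inverse of encode_domain; PAD is dropped and OOV is shown as '?'."""
    idx_to_char = {i: c for c, i in CHAR_TO_IDX.items()}
    return "".join(idx_to_char.get(i, "?") for i in indices if i != PAD)

def one_hot_embedding():
    """Identity embedding table, so filters can be read as n-gram matchers."""
    return [[1.0 if j == i else 0.0 for j in range(VOCAB_SIZE)] for i in range(VOCAB_SIZE)]

def ngram_filter(ngram):
    """A kernel_size x VOCAB_SIZE filter that fires on one character n-gram."""
    return [one_hot_embedding()[CHAR_TO_IDX[c]] for c in ngram]

def conv1d_maxpool(seq, embedding, filters):
    """One 1D convolution layer plus global max pooling, in plain Python.

    Each filter slides over the embedded character sequence; the pooled value
    is that filter's strongest response anywhere in the name. A trained CNN
    learns its filters instead of being handed hand-built matchers like these."""
    x = [embedding[i] for i in seq]
    dim = len(x[0])
    pooled = []
    for w in filters:
        k = len(w)
        responses = [sum(w[j][d] * x[t + j][d] for j in range(k) for d in range(dim))
                     for t in range(len(x) - k + 1)]
        pooled.append(max(responses, default=0.0))  # default guards names shorter than k
    return pooled
```

A partial match contributes one unit per matching position, so the pooled value of a bigram filter is 2.0 only where both characters occur in order; a real model would feed these pooled responses into dense or capsule layers.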