Adversarial Defense: DGA-Based Botnets and DNS Homographs Detection Through Integrated Deep Learning

Vinayakumar Ravi, Mamoun Alazab, Sriram Srinivasan, Ajay Arunachalam, K. P. Soman

    Research output: Contribution to journalArticlepeer-review


    Cybercriminals use domain generation algorithms (DGAs) to prevent their servers from being potentially blacklisted or shut down. Existing reverse engineering techniques for DGA detection is labor intensive, extremely time-consuming, prone to human errors, and have significant limitations. Hence, an automated real-time technique with a high detection rate is warranted in such applications. In this article, we present a novel technique to detect randomly generated domain names and domain name system (DNS) homograph attacks without the need for any reverse engineering or using nonexistent domain (NXDomain) inspection using deep learning. We provide an extensive evaluation of our model over four large, real-world, publicly available datasets. We further investigate the robustness of our model against three different adversarial attacks: DeepDGA, CharBot, and MaskDGA. Our evaluation demonstrates that our method is effectively able to identify DNS homograph attacks and DGAs and also is resilient to common evading cyberattacks. Promising results show that our approach provides a more effective detection rate with an accuracy of 0.99. Additionally, the performance of our model is compared against the most popular deep learning architectures. Our findings highlight the essential need for more robust detection models to counter adversarial learning.
    Original languageEnglish
    Pages (from-to)249-266
    Number of pages18
    JournalIEEE Transactions on Engineering Management
    Issue number1
    Early online date12 Mar 2021
    Publication statusPublished - 1 Jan 2023


    Dive into the research topics of 'Adversarial Defense: DGA-Based Botnets and DNS Homographs Detection Through Integrated Deep Learning'. Together they form a unique fingerprint.

    Cite this