DBD: Deep Learning DGA-based Botnet Detection

R. Vinayakumar, K. P. Soman, Prabaharan Poornachandran, Mamoun Alazab, Alireza Jolfaei

    Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

    40 Citations (Scopus)

    Abstract

    Botnets play an important role in malware distribution and they are widely used for spreading malicious activities on the Internet. The study of the literature shows that a large subset of botnets use DNS poisoning to spread out malicious activities and that there are various methods for their detection using DNS queries. However, since botnets generate domain names quite frequently, the resolution of domain names can be very time consuming. Hence, the detection of botnets can be extremely difficult. This chapter proposes a novel deep learning framework to detect malicious domains generated by malicious Domain Generation Algorithms (DGA). The proposed DGA detection method, named Deep Bot Detect (DBD), is able to evaluate data from large-scale networks without reverse engineering or performing Non-Existent Domain (NXDomain) inspection. The framework analyzes domain names and categorizes them using statistical features, which are extracted implicitly through deep learning architectures. The framework is tested and deployed in our lab environment. The experimental results demonstrate the effectiveness of the proposed framework and show that the proposed method has high accuracy and low false-positive rates. The proposed framework is a simple architecture that contains fewer learnable parameters compared to other character-based, short text classification models. Therefore, the proposed framework is faster to train and is less prone to over-fitting. The framework provides an early detection mechanism for the identification of Domain-Flux botnets propagating in a network and it helps keep the Internet clean from related malicious activities.
    Original language: English
    Title of host publication: Deep Learning Applications for Cyber Security
    Editors: Mamoun Alazab, MingJian Tang
    Place of Publication: Switzerland
    Publisher: Springer Nature
    Chapter: 6
    Pages: 127-149
    Number of pages: 23
    Edition: 1
    ISBN (Electronic): 978-3-030-13057-2
    ISBN (Print): 978-3-030-13056-5, 978-3-030-13059-6
    Publication status: Published - 2019

    Publication series

    Name: Advanced Sciences and Technologies for Security Applications
    ISSN (Print): 1613-5113
    ISSN (Electronic): 2363-9466
