Enhanced Domain Generating Algorithm Detection Based on Deep Neural Networks

Amara Dinesh Kumar, Harish Thodupunoori, R. Vinayakumar, K. P. Soman, Prabaharan Poornachandran, Mamoun Alazab, Sitalakshmi Venkatraman

    Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review


    In recent years, modern botnets employ the technique of domain generation algorithm (DGA) to evade detection solutions that use either reverse engineering methods, or blacklisting of malicious domain names. DGA facilitates generation of large number of pseudo random domain names to connect to the command and control server. This makes DGAs very convincing for botnet operators (botmasters) to make their botnets more effective and resilient to blacklisting and efforts of shutting-down attacks. Detecting the malicious domains generated by the DGAs in real time is the most challenging task and significant research has been carried out by applying different machine learning algorithms. This research considers contemporary state-of-the-art DGA malicious detection approaches and proposes a deep learning architecture for detecting the DGA generated domain names.

    This chapter presents extensive experiments conducted with various Deep Neural Networks (DNN), mainly, convolutional neural network (CNN), Recurrent Neural Network (RNN), Long Short-Term Memory (LSTM), Gated Recurrent Unit (GRU), Bidirectional Long Short-Term Memory (BiLSTM), Bidirectional Recurrent Neural Network (BiRNN) and CNN-LSTM layers deep learning architectures for the binary class and multi-class detection. An extensive study of the performance and efficiency of the proposed DGA Malicious Detector is conducted through rigorous experimentation and testing of two different datasets. The first dataset consists of public sources and the second dataset is from private sources. We perform a comprehensive measurement study of the DGA by analyzing more than three Million domain names. Our experiments show our DGA Malicious Detector is capable of effectively identifying domains generated by DGA families with high accuracy of 99.7% and 97.1% for the two datasets respectively. A comparative study of the deep learning approaches shows good benchmarking of our DGA Malicious Detector.
    Original languageEnglish
    Title of host publicationDeep Learning Applications for Cyber Security
    EditorsMamoun Alazab, MingJian Tang
    Place of PublicationCham
    PublisherSpringer Nature
    Number of pages23
    ISBN (Electronic)978-3-030-13057-2
    ISBN (Print)978-3-030-13056-5
    Publication statusPublished - 2019

    Publication series

    NameAdvanced Sciences and Technologies for Security Applications
    ISSN (Print)1613-5113
    ISSN (Electronic)2363-9466


    Dive into the research topics of 'Enhanced Domain Generating Algorithm Detection Based on Deep Neural Networks'. Together they form a unique fingerprint.

    Cite this