Enhanced Domain Generating Algorithm Detection Based on Deep Neural Networks

Amara Dinesh Kumar, Harish Thodupunoori, R. Vinayakumar, K. P. Soman, Prabaharan Poornachandran, Mamoun Alazab, Sitalakshmi Venkatraman

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

In recent years, modern botnets have employed domain generation algorithms (DGAs) to evade detection solutions that rely either on reverse engineering methods or on blacklisting of malicious domain names. A DGA generates a large number of pseudo-random domain names with which to connect to the command and control server. This makes DGAs attractive to botnet operators (botmasters), who use them to make their botnets more effective and more resilient to blacklisting and shutdown efforts. Detecting the malicious domains generated by DGAs in real time is the most challenging task, and significant research has been carried out by applying different machine learning algorithms. This research considers contemporary state-of-the-art approaches to detecting malicious DGA domains and proposes a deep learning architecture for detecting DGA-generated domain names.

This chapter presents extensive experiments conducted with various deep neural network (DNN) architectures, mainly convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), gated recurrent unit (GRU), bidirectional long short-term memory (BiLSTM), bidirectional recurrent neural network (BiRNN) and CNN-LSTM layers, for binary and multi-class detection. An extensive study of the performance and efficiency of the proposed DGA Malicious Detector is conducted through rigorous experimentation and testing on two different datasets. The first dataset is drawn from public sources and the second from private sources. We perform a comprehensive measurement study of DGAs by analyzing more than three million domain names. Our experiments show that our DGA Malicious Detector is capable of effectively identifying domains generated by DGA families, with high accuracy of 99.7% and 97.1% for the two datasets respectively. A comparative study of the deep learning approaches shows good benchmarking of our DGA Malicious Detector.

Original language: English
Title of host publication: Deep Learning Applications for Cyber Security
Editors: Mamoun Alazab, MingJian Tang
Publisher: Springer Nature
Pages: 151-173
Number of pages: 23
ISBN (Electronic): 978-3-030-13057-2
ISBN (Print): 978-3-030-13056-5
Publication status: Published - 2019

Publication series

Name: Advanced Sciences and Technologies for Security Applications
ISSN (Print): 1613-5113
ISSN (Electronic): 2363-9466


  • Cite this

    Kumar, A. D., Thodupunoori, H., Vinayakumar, R., Soman, K. P., Poornachandran, P., Alazab, M., & Venkatraman, S. (2019). Enhanced Domain Generating Algorithm Detection Based on Deep Neural Networks. In M. Alazab, & M. Tang (Eds.), Deep Learning Applications for Cyber Security (pp. 151-173). (Advanced Sciences and Technologies for Security Applications). Springer Nature. https://doi.org/10.1007/978-3-030-13057-2_7