Abstract
In recent days, malware authors have used domain generation algorithms (DGAs) to evade blacklisting and heuristic mechanisms. DGAs are used by a large number of malware families to generate many pseudo-random domain names for connecting to a C2 server. In this paper, a deep neural network (DNN) is employed along with a 3-gram representation that transforms the domain names into a numeric representation. Deep neural networks have a certain level of complexity, since they use sophisticated mathematical modeling to process data. The network parameters and network structures for the DNN are selected by following the hyperparameter selection method. All experiments are run up to one hundred times with a learning rate in the range [0.01–0.5]. The DNN experiments are run on the DGA corpus provided by the DMD-2018 shared task organizer.
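The 3-gram transformation described in the abstract, as an added Python example (not the authors' code): it turns a domain name into the fixed-length count vector a DNN would consume. The `^`/`$` padding, the `<UNK>` bucket for unseen 3-grams, the function names and the sample domains are assumptions of this example; the abstract does not specify them.

```python
# Added illustration: character 3-gram featurisation of domain names.
# Padding markers, the <UNK> bucket and the sample domains are assumptions
# made for this example; the abstract does not specify them.
from collections import Counter

def trigrams(domain):
    """Overlapping character 3-grams of the lower-cased domain, padded with
    '^' and '$' so that prefixes and suffixes are represented."""
    s = "^" + domain.lower().strip(".") + "$"
    return [s[i:i + 3] for i in range(len(s) - 2)]

def build_vocab(domains, min_count=1):
    """Map each 3-gram seen at least min_count times to a column index.
    Index 0 is reserved for 3-grams never seen while fitting."""
    counts = Counter(g for d in domains for g in trigrams(d))
    vocab = {"<UNK>": 0}
    for gram in sorted(g for g, c in counts.items() if c >= min_count):
        vocab[gram] = len(vocab)
    return vocab

def vectorize(domain, vocab):
    """Turn one domain into a fixed-length count vector (the DNN input)."""
    vec = [0] * len(vocab)
    for gram in trigrams(domain):
        vec[vocab.get(gram, 0)] += 1
    return vec

def unk_ratio(domain, vocab):
    """Fraction of a domain's 3-grams that land in the <UNK> bucket."""
    vec = vectorize(domain, vocab)
    total = sum(vec)
    return vec[0] / total if total else 0.0

# Constructed sample data (not taken from the DMD-2018 corpus).
TRAIN = ["google.com", "example.com", "mail.example.org"]
VOCAB = build_vocab(TRAIN)

if __name__ == "__main__":
    for d in ["example.com", "xkqzvbnw.com"]:
        print(d, len(vectorize(d, VOCAB)), round(unk_ratio(d, VOCAB), 2))
```

Every domain maps to a vector of the same length regardless of its own length, which is what lets a feed-forward network consume it; a vocabulary fitted on a real corpus would be far larger than this constructed one.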
Supported by Centre for Computational Engineering and Networking (CEN), Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Coimbatore, India.
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Jyothsna, P.V., Prabha, G., Shahina, K.K., Vazhayil, A. (2019). Detecting DGA Using Deep Neural Networks (DNNs). In: Thampi, S., Madria, S., Wang, G., Rawat, D., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2018. Communications in Computer and Information Science, vol 969. Springer, Singapore. https://doi.org/10.1007/978-981-13-5826-5_55
DOI: https://doi.org/10.1007/978-981-13-5826-5_55
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-5825-8
Online ISBN: 978-981-13-5826-5
eBook Packages: Computer Science (R0)