Domain Name Detection and Classification Using Deep Neural Networks
Malware families use Domain Generation Algorithms (DGAs) to generate and register different domains for connecting to the command and control server. To improve the automated analysis of DGA-based malware, we have developed an analysis system for the detection and classification of DGAs. In this paper, we propose to take the string of characters in a domain name as input and classify it as either a benign or a malicious domain name using deep learning architectures such as Long Short Term Memory (LSTM) and Bidirectional LSTM. We used the data set provided by the shared task on Detecting Malicious Domain names (DMD 2018). We developed a system for both the binary and the multiclass classification tasks to detect malicious domain names. We observed that the proposed model performed better on binary classification than on multiclass classification.
Keywords: Domain Generation Algorithm, Deep learning architecture, LSTM, Bidirectional LSTM
We would like to thank the management of SSN College of Engineering for funding the GPU system, which helps us to carry out deep learning related research work.