
Bidirectional LSTM Models for DGA Classification

  • Giuseppe Attardi
  • Daniele Sartiano
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 969)

Abstract

The paper describes our submission to the shared task on DGA classification at DMD 2018. The approach is based on a deep learning architecture using bidirectional LSTM neural networks. Similar models are used for both tasks: the first is to identify DGA-generated domain names, and the second is to detect DGA-generated domain names and categorize them by botnet family.
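As an added illustration of the architecture the abstract describes (this is not code from the paper or its authors), the following pure-Python sketch runs a character-level bidirectional LSTM over a domain name and feeds the concatenated final states of the forward and backward passes to two heads: a sigmoid for the binary DGA-versus-benign task and a softmax over botnet families for the multiclass task. The weights are randomly initialised and untrained, and the family labels and sample domains are constructed placeholders, so the probabilities carry no meaning; a real detector would train these weights on labelled domains. The example exists to show the data flow from characters to the two outputs.

```python
"""Character-level bidirectional LSTM for DGA classification (illustrative,
untrained, pure Python). Not the authors' code; weights are random."""
import math
import random

# Constructed sample inputs and hypothetical family labels (not from the paper).
SAMPLE_DOMAINS = ["example.com", "xkq7fz3mpl.net", "unipi.it"]
FAMILIES = ["benign", "family_a", "family_b", "family_c"]

CHARS = "abcdefghijklmnopqrstuvwxyz0123456789-."
CHAR_TO_ID = {c: i + 1 for i, c in enumerate(CHARS)}  # id 0 is padding/unknown
MAX_LEN = 32   # fixed sequence length, as in a padded Keras-style input
EMB_DIM = 8    # size of the learned character embedding
HIDDEN = 16    # hidden units per LSTM direction


def encode_domain(domain, max_len=MAX_LEN):
    """Map a domain to a fixed-length list of character ids, right-padded with 0."""
    ids = [CHAR_TO_ID.get(c, 0) for c in domain.lower()[:max_len]]
    return ids + [0] * (max_len - len(ids))


def _matrix(rows, cols, rng, scale=0.1):
    return [[rng.uniform(-scale, scale) for _ in range(cols)] for _ in range(rows)]


def _sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


def _softmax(xs):
    m = max(xs)
    exps = [math.exp(x - m) for x in xs]
    total = sum(exps)
    return [e / total for e in exps]


class LSTMCell:
    """One LSTM direction: input, forget, candidate and output gates."""

    def __init__(self, in_dim, hidden, rng):
        self.hidden = hidden
        self.w = _matrix(4 * hidden, in_dim, rng)   # input weights, 4 gates stacked
        self.u = _matrix(4 * hidden, hidden, rng)   # recurrent weights
        self.b = [0.0] * (4 * hidden)               # biases

    def run(self, inputs):
        """Consume a list of embedding vectors and return the final hidden state."""
        H = self.hidden
        h = [0.0] * H
        c = [0.0] * H
        for x in inputs:
            gates = [
                self.b[k]
                + sum(self.w[k][j] * x[j] for j in range(len(x)))
                + sum(self.u[k][j] * h[j] for j in range(H))
                for k in range(4 * H)
            ]
            i = [_sigmoid(v) for v in gates[0:H]]          # input gate
            f = [_sigmoid(v) for v in gates[H:2 * H]]      # forget gate
            g = [math.tanh(v) for v in gates[2 * H:3 * H]]  # candidate cell
            o = [_sigmoid(v) for v in gates[3 * H:4 * H]]  # output gate
            c = [f[k] * c[k] + i[k] * g[k] for k in range(H)]
            h = [o[k] * math.tanh(c[k]) for k in range(H)]
        return h


class BiLSTMDGAClassifier:
    """Embedding -> forward + backward LSTM -> concatenation -> two output heads."""

    def __init__(self, families, seed=0):
        rng = random.Random(seed)  # deterministic random (untrained) weights
        self.families = list(families)
        self.embedding = _matrix(len(CHARS) + 1, EMB_DIM, rng)
        self.fwd = LSTMCell(EMB_DIM, HIDDEN, rng)
        self.bwd = LSTMCell(EMB_DIM, HIDDEN, rng)
        self.w_bin = _matrix(1, 2 * HIDDEN, rng)                  # task 1 head
        self.w_fam = _matrix(len(self.families), 2 * HIDDEN, rng)  # task 2 head

    def _features(self, domain):
        # Dropping id 0 plays the role of sequence masking: padding and unknown
        # characters are not fed to the recurrent layers.
        ids = [i for i in encode_domain(domain) if i != 0]
        emb = [self.embedding[i] for i in ids]
        h_forward = self.fwd.run(emb)
        h_backward = self.bwd.run(emb[::-1])  # backward direction reads reversed input
        return h_forward + h_backward         # concatenated 2*HIDDEN feature vector

    def predict_dga(self, domain):
        """Task 1: probability that the domain is DGA-generated (sigmoid head)."""
        feats = self._features(domain)
        return _sigmoid(sum(w * f for w, f in zip(self.w_bin[0], feats)))

    def predict_family(self, domain):
        """Task 2: distribution over botnet families (softmax head)."""
        feats = self._features(domain)
        logits = [sum(w * f for w, f in zip(row, feats)) for row in self.w_fam]
        return dict(zip(self.families, _softmax(logits)))


if __name__ == "__main__":
    clf = BiLSTMDGAClassifier(FAMILIES)
    for d in SAMPLE_DOMAINS:
        print(d, round(clf.predict_dga(d), 4), clf.predict_family(d))
```

The forward and backward cells share no weights, and the backward cell receives the reversed character sequence, which is what makes the representation bidirectional; a trained model would learn the embedding, gate and head weights jointly from labelled benign and DGA domains.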

Keywords

DGA, Multi-class classification, Deep learning, Bidirectional LSTM

Notes

Acknowledgments

The experiments were conducted on a server with 4 Nvidia Tesla Pascal 100 GPUs, acquired with partial funding from Grandi Attrezzature 2016 by the Università di Pisa.


Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  Dipartimento di Informatica, Università di Pisa, Pisa, Italy
