Detecting DGA Using Deep Neural Networks (DNNs)

  • P. V. JyothsnaEmail author
  • Greeshma Prabha
  • K. K. Shahina
  • Anu Vazhayil
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 969)


In recent days, malicious authors use domain generation algorithms so that they can easily evade blacklisting and heuristics mechanism. DGAs is used by a larger number of malware families to generate many pseudo-random domain names to connect to C2 server. In this paper, the deep neural network is employed along with 3-gram representation to transform the domain names into a numeric representation. Deep neural networks have a certain level of complexity since it uses sophisticated mathematical modeling to process data. The network parameters and network 3-gram representation is used to transform the domain names into a numeric representation. The network parameters and network structures for DNN are selected by following the hyperparameter selection method. All experiments are run until one hundred times with learning rate inside the range [0.01–0.5]. The experiments of DNN are run on DGA corpus given by DMD-2018 shared task organizer.


Domain generation algorithms (DGAs) Deep neural networks 3-gram representation 


  1. 1.
    Anonymous authors: Character level based detection of DGA domain names. Under review as a conference paper at ICLR (2018)Google Scholar
  2. 2.
    Bisio, F., Saeli, S., Lombardo, P., Bernardi, D., Perotti, A., Massa, D.: Real-time behavioural DGA detection through machine learning. In: 2017 International Carnahan Conference on Security Technology (ICCST), pp. 1–6. Madrid (2017).
  3. 3.
    Yu, B., Gray, D.L., Pan, J., Cock, M.D., Nascimento, A.C.A.: Inline DGA detection with deep networks. In: 2017 IEEE International Conference on Data Mining Workshops (ICDMW), pp. 683–692. New Orleans, LA (2017).
  4. 4.
    Lison, P., Mavroeidis, V.: Automatic detection of malware-generated domains with recurrent neural models. In: NISK 2017 (2017). arXiv:1709.07102 [cs.CR]
  5. 5.
    Vinayakumar, R., Soman, K.P., Poornachandran, P.: Detecting malicious domain names using deep learning approaches at scale. J. Intell. Fuzzy Syst. 34(3), 1355–1367 (2018)CrossRefGoogle Scholar
  6. 6.
    Mac, H., Tran, D., Tong, V.: DGA botnet detection using supervised learning methods. In: SoICT 2017 Proceedings of the Eighth International Symposium on Information and Communication Technology, pp. 211–218Google Scholar
  7. 7.
    Woodbridge, J., Anderson, H.S., Ahuja, A., Grant, D.: Predicting domain generation algorithms with long short-term memory networks (2016). arXiv:1611.00791 [cs.CR]
  8. 8.
    Cong, Y., Zhou, X., Kennedy, R.A.: Finite-horizon throughput region for wireless multi-user interference channels. IEEE Trans. Wireless Commun. 16(1), 634–646 (2017)CrossRefGoogle Scholar
  9. 9.
    Highnam, K., Puzio, D.: Deep learning for real-time malware detection, ACSC2018Google Scholar
  10. 10.
    Glorot, X., Bordes, A., Bengio, Y.: Deep sparse rectifier neural networks. In: Proceedings of the Fourteenth International Conference on Artificial Intelligence and Statistics, pp. 315–323, June 2011Google Scholar
  11. 11.
    Maas, A.L., Hannun, A.Y., Ng, A.Y.: Rectifier nonlinearities improve neural network acoustic models. In: Proceedings of ICML, vol. 30, no. 1 (2013)Google Scholar
  12. 12.
    Nair, V., Hinton, G.E.: Rectified linear units improve restricted Boltzmann machines. In: Proceedings of the 27th International Conference on Machine Learning (ICML-10), pp. 807–814 (2010)Google Scholar
  13. 13.
  14. 14.
  15. 15.
  16. 16.
    Does Alexa have a list of its top-ranked websites?
  17. 17.
    OpenDNS domain list.
  18. 18.
    Vinayakumar, R., Poornachandran, P., Soman, K.P.: Scalable framework for cyber threat situational awareness based on domain name systems data analysis. In: Roy, S.S., Samui, P., Deo, R., Ntalampiras, S. (eds.) Big Data in Engineering Applications. SBD, vol. 44, pp. 113–142. Springer, Singapore (2018). Scholar
  19. 19.
    Vinayakumar, R., Soman, K., Poornachandran, P.: Detecting malicious domain names using deep learning approaches at scale. J. Intell. Fuzzy Syst. 34(3), 1355–1367 (2018)CrossRefGoogle Scholar
  20. 20.
    Vinayakumar, R., Soman, K., Poornachandran, P., SachinKumar, S.: Evaluating deep learning approaches to characterize and classify the DGAs at scale. J. Intell. Fuzzy Syst. 34(3), 1265–1276 (2018)CrossRefGoogle Scholar
  21. 21.
    Vinayakumar, R., Soman, K.P., Poornachandran, P., Menon, P.: A deep-dive on Machine learning for Cybersecurity use cases. In: Gupta, B., Sheng, M. (eds.) Machine Learning for Computer and Cyber Security: Principle, Algorithms, and Practices. CRC Press, USA (In Press)Google Scholar
  22. 22.
    Mohan, V.S., Vinayakumar, R., Soman, K.P., Poornachandran, P.: SPOOF net: syntactic patterns for identification of ominous online factors. In: 2017 IEEE Symposium Security and Privacy (SP), BioSTAR 2018 (In Press)Google Scholar
  23. 23.
    Vinayakumar, R., Soman, K.P., Poornachandran, P.: BigCogNet: big data based cognitive security system for an organization. In: Alazab, M., Tang, M.J. (eds.) Deep Learning Applications for Cyber Security, Advanced Sciences and Technologies for Security Applications. Springer, Heidelberg (under-review)Google Scholar
  24. 24.
  25. 25.
    Vinayakumar, R., Soman, K.P.: DGANet: applying traditional machine learning and deep learning models to detect and categorize DGA. ICT Expr. (2018). [under review]Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • P. V. Jyothsna
    • 1
    Email author
  • Greeshma Prabha
    • 1
  • K. K. Shahina
    • 1
  • Anu Vazhayil
    • 2
  1. 1.Department of Computer Science and EngineeringVidya Academy of Science and Technology, Thrissur Kalam Techinical UniversityThrissurIndia
  2. 2.Centre for Computational Engineering and Networking (CEN)Amrita School of Engineering, Amrita Vishwa VidyapeethamCoimbatoreIndia

Personalised recommendations