Inline DGA Detection with Deep Networks

Bibliographic Details

Published in: IEEE ... International Conference on Data Mining workshops, pp. 683-692
Main Authors: Yu, Bin; Gray, Daniel L.; Pan, Jie; De Cock, Martine; Nascimento, Anderson C. A.
Format: Conference Proceeding
Language: English
Published: IEEE, 01.11.2017

Summary: Domain generation algorithms (DGAs) automatically generate large numbers of domain names in DNS domain fluxing for the purpose of command-and-control (C&C) communication. DGAs are immune to static prevention methods like blacklisting and sinkholing. Detection of DGAs in a live stream of queries in a DNS server is referred to as inline detection. Most of the previous approaches in the literature on DGA detection either: (i) are based on small synthetic data sets for training, rather than data collected from real traffic, or (ii) require contextual information and therefore cannot be used for inline detection. In this work, we overcome these limitations by proposing a novel way to label a large volume of data collected from real traffic as DGA/non-DGA and by using deep learning techniques. Our classifiers can be trained with large amounts of real traffic, rather than small synthetic data sets, and therefore have better performance.
ISSN: 2375-9259
DOI: 10.1109/ICDMW.2017.96