TY - GEN
T1 - Using Auxiliary Inputs in Deep Learning Models for Detecting DGA-based Domain Names
AU - Ghosh, Indraneel
AU - Kumar, Subham
AU - Bhatia, Ashutosh
AU - Vishwakarma, Deepak Kumar
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021/1/13
Y1 - 2021/1/13
AB - Command-and-Control (CC) servers use Domain Generation Algorithms (DGAs) to communicate with bots for uploading malware and coordinating attacks. Manual detection methods and sinkholing fail to work against these algorithms, which can generate thousands of domain names within a short period. This creates a need for an automated and intelligent system that can detect such malicious domains. LSTM (Long Short-Term Memory) is one of the most popularly used deep learning architectures for DGA detection, but it performs poorly against Dictionary Domain Generation Algorithms. This work explores the application of various machine learning techniques to this problem, including specialized approaches such as Auxiliary Loss Optimization for Hypothesis Augmentation (ALOHA), with a particular focus on their performance against Dictionary Domain Generation Algorithms. The ALOHA-LSTM model improves detection accuracy on Dictionary Domain Generation Algorithms compared to the state-of-the-art LSTM model. Improvements were observed in the case of word-based DGAs as well. Addressing this issue is of paramount importance, as they are used extensively in carrying out Distributed Denial-of-Service (DDoS) attacks. DDoS and its variants comprise one of the most significant and damaging cyber-attacks that have been carried out in the past.
KW - ALOHA
KW - Auxiliary Labels
KW - Botnets
KW - Domain Generation Algorithms
KW - Network Security
UR - http://www.scopus.com/inward/record.url?scp=85100781294&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85100781294&partnerID=8YFLogxK
U2 - 10.1109/ICOIN50884.2021.9333979
DO - 10.1109/ICOIN50884.2021.9333979
M3 - Conference contribution
AN - SCOPUS:85100781294
T3 - International Conference on Information Networking
SP - 391
EP - 396
BT - 35th International Conference on Information Networking, ICOIN 2021
PB - IEEE Computer Society
T2 - 35th International Conference on Information Networking, ICOIN 2021
Y2 - 13 January 2021 through 16 January 2021
ER -