Using Auxiliary Inputs in Deep Learning Models for Detecting DGA-based Domain Names

Indraneel Ghosh, Subham Kumar, Ashutosh Bhatia, Deepak Kumar Vishwakarma

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Command-and-Control (CC) servers use Domain Generation Algorithms (DGAs) to communicate with bots for uploading malware and coordinating attacks. Manual detection methods and sinkholing fail to work against these algorithms, which can generate thousands of domain names within a short period. This creates a need for an automated and intelligent system that can detect such malicious domains. LSTM (Long Short Term Memory) is one of the most popularly used deep learning architectures for DGA detection, but it performs poorly against Dictionary Domain Generation Algorithms. This work explores the application of various machine learning techniques to this problem, including specialized approaches such as Auxiliary Loss Optimization for Hypothesis Augmentation (ALOHA), with a particular focus on their performance against Dictionary Domain Generation Algorithms. The ALOHA-LSTM model improves the accuracy of Dictionary Domain Generation Algorithms compared to the state of the art LSTM model. Improvements were observed in the case of word-based DGAs as well. Addressing this issue is of paramount importance, as they are used extensively in carrying out Distributed Denial-of-Service (DDoS) attacks. DDoS and its variants comprise one of the most significant and damaging cyber-attacks that have been carried out in the past.

Original languageEnglish (US)
Title of host publication35th International Conference on Information Networking, ICOIN 2021
PublisherIEEE Computer Society
Pages391-396
Number of pages6
ISBN (Electronic)9781728191003
DOIs
StatePublished - Jan 13 2021
Externally publishedYes
Event35th International Conference on Information Networking, ICOIN 2021 - Jeju Island, Korea, Republic of
Duration: Jan 13 2021Jan 16 2021

Publication series

NameInternational Conference on Information Networking
Volume2021-January
ISSN (Print)1976-7684

Conference

Conference35th International Conference on Information Networking, ICOIN 2021
Country/TerritoryKorea, Republic of
CityJeju Island
Period1/13/211/16/21

Keywords

  • ALOHA
  • Auxiliary Labels
  • Botnets
  • Domain Generation Algorithms
  • Network Security

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Fingerprint

Dive into the research topics of 'Using Auxiliary Inputs in Deep Learning Models for Detecting DGA-based Domain Names'. Together they form a unique fingerprint.

Cite this