An Analysis of Convolutional Neural Networks for detecting DGA

A Domain Generation Algorithm (DGA) is an algorithm to generate domain names in a deterministic but seemingly random way. Malware uses DGAs to generate the next domain to access the Command and Control (C&C) communication channel. Given the simplicity and velocity associated with the domain generation...

Bibliographic Details
Main authors: Catania, Carlos, García, Sebastián, Torres, Pablo
Format: Conference object
Language: English
Published: 2018
Subjects:
Online access: http://sedici.unlp.edu.ar/handle/10915/73629
Contributed by:
id I19-R120-10915-73629
record_format dspace
institution Universidad Nacional de La Plata
institution_str I-19
repository_str R-120
collection SEDICI (UNLP)
language Inglés
topic Ciencias Informáticas
neural networks
network security
DGA detection
description A Domain Generation Algorithm (DGA) is an algorithm to generate domain names in a deterministic but seemingly random way. Malware uses DGAs to generate the next domain to access the Command and Control (C&C) communication channel. Given the simplicity and velocity associated with the domain generation process, machine learning detection methods emerged as a suitable detection solution. However, since periodic retraining becomes mandatory, a fast and accurate detection method is needed. Convolutional neural networks (CNNs) are well known for performing real-time detection in fields like image and video recognition. Therefore, they seem suitable for DGA detection. The present work is a preliminary analysis of the detection performance of CNNs for DGA detection. A CNN with a minimal architecture complexity was evaluated on a dataset with 51 DGA malware families as well as normal domains. Despite its simple architecture, the resulting CNN model correctly detected more than 97% of total DGA domains with a false positive rate close to 0.7%.
format Objeto de conferencia
author Catania, Carlos
García, Sebastián
Torres, Pablo
title An Analysis of Convolutional Neural Networks for detecting DGA
publishDate 2018
url http://sedici.unlp.edu.ar/handle/10915/73629
bdutipo_str Repositorios
_version_ 1764820483005480960