Deep Learning Approach to DGA Classification for Effective Cyber Security

How to Cite

P, Karunakaran. 2021. “Deep Learning Approach to DGA Classification for Effective Cyber Security”. Journal of Ubiquitous Computing and Communication Technologies 2 (4): 203-13. https://doi.org/10.36548/jucct.2020.4.003.

Keywords

— deep learning
— Cyber security
— Domain Generation Algorithm
Published: 06-01-2021

Abstract

In recent years, the number of attackers on the internet has increased rapidly. In general, an algorithm needs a large number of features to detect anonymous attackers, and many algorithms fail to detect malicious code efficiently. Such code does not infect the system immediately; it attacks the server later, after communicating. Our research focuses on analyzing botnet traffic to determine the domain name that maps to the IP address of the server. A botnet creates its domain names differently: attackers generate many domains, which creates a large volume of Domain Name System (DNS) traffic. This paper uses datasets from both public and real-time environments to detect text features as well as to perform knowledge-based feature extraction. Because a Domain Generation Algorithm (DGA) generates malicious domains randomly, classification efficiency drops in many algorithms that apply preprocessing without proper feature extraction. Our proposed algorithm detects DGAs that generate malicious domains randomly. It performs text-based label prediction and extracts additional features to improve the efficiency of the model. Our proposed model achieved 94.9% accuracy for DGA classification with the help of additional feature extraction and knowledge-based extraction in the deep learning architecture.
