Abstract
Network attacks using Command and Control (C&C) servers have increased significantly. To hide their C&C servers, attackers often use Domain Generation Algorithms (DGA), which automatically generate domain names for C&C servers. Researchers have constructed many unique feature sets and detected DGA domains through machine learning or deep learning models. However, due to the limited features contained in the domain name, the DGA detection results are limited. In order to overcome this problem, the domain name features, the Whois features and the N-gram features are extracted for DGA detection. To obtain the N-gram features, the domain name whitelist and blacklist substring feature sets are constructed. In addition, a deep learning model based on BiLSTM, Attention and CNN is constructed. Additionally, the Domain Center is constructed for fast classification of domain names. Multiple comparative experiment results prove that the proposed model not only gets the best Accuracy, Precision, Recall and F1, but also greatly reduces the detection time.
Funder
Guizhou Province
Liupanshui Normal University High level Talent Research Launch Fund
Liupanshui Science and Technology Bureau Fund Project
Liupanshui Normal University Major Comprehensive Reform Pilot Project
the Science and Technology Foundation of Guizhou Province
the Youth Science and Technology Talent Growth Project of Department of Education in Guizhou Province
Publisher
Public Library of Science (PLoS)