BadDGA: Backdoor Attack on LSTM-Based Domain Generation Algorithm Detector
Published: 2023-02-01
Issue: 3
Volume: 12
Page: 736
ISSN: 2079-9292
Container-title: Electronics
Language: en
Short-container-title: Electronics
Author:
Zhai You 1, Yang Liqun 2, Yang Jian 1, He Longtao 3, Li Zhoujun 1
Affiliation:
1. State Key Lab of Software Development Environment, Beihang University, Beijing 100191, China
2. School of Cyber Science and Technology, Beihang University, Beijing 100191, China
3. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China
Abstract
Due to the outstanding performance of deep neural networks (DNNs), many researchers have begun to transfer deep learning techniques to their fields. For detecting algorithmically generated domains (AGDs) produced by domain generation algorithms (DGAs) in botnets, a long short-term memory (LSTM)-based DGA detector has achieved excellent performance. However, DNNs have been found to have various inherent vulnerabilities, which cyberattackers can use to deceive DNNs and mislead them into making wrong decisions. The backdoor attack, one of the popular attack strategies against DNNs, has attracted widespread attention in recent years. In this paper, to deceive the LSTM-based DGA detector, we propose BadDGA, a backdoor attack against the LSTM-based DGA detector. Specifically, we offer four backdoor attack trigger construction methods: TLD-triggers, Ngram-triggers, Word-triggers, and IDN-triggers. Finally, we evaluate BadDGA on ten popular DGA datasets. The experimental results show that, at a poisoning rate of 1‰, our proposed backdoor attack achieves a 100% attack success rate, which verifies the effectiveness of our method. Meanwhile, the model's utility on clean data is only slightly affected.
Funder
National Natural Science Foundation of China; Key Laboratory of Power Grid Automation of China Southern Power Grid Co., Ltd.; State Key Laboratory of Software Development Environment
Subject
Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering
Cited by
1 article.