27
IRUS TotalDownloads
Real-time detection of dictionary DGA network traffic using deep learning.
| File | Description | Size | Format | |
|---|---|---|---|---|
 Highnam2021_Article_Real-TimeDetectionOfDictionary.pdf | Published version | 1.48 MB | Adobe PDF | View/Open |
| Title: | Real-time detection of dictionary DGA network traffic using deep learning. |
| Authors: | Highnam, K Puzio, D Luo, S Jennings, NR |
| Item Type: | Journal Article |
| Abstract: | Botnets and malware continue to avoid detection by static rule engines when using domain generation algorithms (DGAs) for callouts to unique, dynamically generated web addresses. Common DGA detection techniques fail to reliably detect DGA variants that combine random dictionary words to create domain names that closely mirror legitimate domains. To combat this, we created a novel hybrid neural network, Bilbo the “bagging” model, that analyses domains and scores the likelihood they are generated by such algorithms and therefore are potentially malicious. Bilbo is the first parallel usage of a convolutional neural network (CNN) and a long short-term memory (LSTM) network for DGA detection. Our unique architecture is found to be the most consistent in performance in terms of AUC, F1 score, and accuracy when generalising across different dictionary DGA classification tasks compared to current state-of-the-art deep learning architectures. We validate using reverse-engineered dictionary DGA domains and detail our real-time implementation strategy for scoring real-world network logs within a large enterprise. In 4 h of actual network traffic, the model discovered at least five potential command-and-control networks that commercial vendor tools did not flag. |
| Issue Date: | 22-Feb-2021 |
| Date of Acceptance: | 6-Feb-2021 |
| URI: | http://hdl.handle.net/10044/1/87710 |
| DOI: | 10.1007/s42979-021-00507-w |
| ISSN: | 2661-8907 |
| Publisher: | Springer |
| Start Page: | 110 |
| End Page: | 110 |
| Journal / Book Title: | SN Computer Science |
| Volume: | 2 |
| Copyright Statement: | © The Author(s) 2021. This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/. |
| Publication Status: | Published |
| Open Access location: | https://link.springer.com/article/10.1007/s42979-021-00507-w |
| Article Number: | 2 |
| Online Publication Date: | 2021-02-22 |
| Appears in Collections: | Computing Electrical and Electronic Engineering Faculty of Natural Sciences |
This item is licensed under a Creative Commons License
