A generation method of malicious domain name training data based on generating adversarial network

Abstract

Abstract: Domain generation algorithm(DGA) is widely used by cyber attackers to generate a large number of random domain names to evade detection at present. While the existing DGA domain name detection can not effectively detect unknown malicious domains, because these models are all trained and constructed on publicly available datasets. In this paper, an autoencoder(AE) is first trained using real domain names, and then it is combined with the generative adversarial network(GAN) to construct a new DGA domain name generating model. Experiment results show that the sequences generated by this model are similar to the Alexa domain names in terms of length and character distribution, and it also can effectively reduce the performance of the DGA domain name classifier based on a long short-term memory (LSTM) network. These generated sequences enrich the malicious domain name dataset, which can significantly improve the performance of existing DGA domain name detectors with further utilization.

Key words: malicious domains, DGA, AE, GAN

CLC Number:

TP273

LIU Wei-shan, MA Xu-qi, WANG Hang, WU Zi-yan. A generation method of malicious domain name training data based on generating adversarial network[J]. Journal of Lanzhou University of Technology, 2023, 49(6): 100-106.

References

[1] 国家互联网应急处理协调中心.2020年中国互联网网络安全报告[EB/OL].(2021-07-21)[2021-10-30].https://www.cert.org.cn/publish/main/upload/File/2020%20Annual%20Report.pdf.
[2] 方滨兴,崔翔,王威.僵尸网络综述[J].计算机研究与发展,2011,48(8):1315-1331.
[3] 李可,方滨兴,崔翔,等.僵尸网络发展研究[J].计算机研究与发展,2016,53(10):2189-2206.
[4] WOODBRIDGE J,ANDERSON H S,AHUJA A,et al.Predicting domain generation algorithms with long short-term memory networks[J/OL].[2021-10-12].http://arxiv.org/1611.00791.pdf.
[5] HOCHREITER S,SCHMIDHUBER J.Long short-term mem-ory[J].Neural Computation,1997,9(8):1735-1780.
[6] YU B,PAN J,HU J M,et al.Character level based detection of DGA domain names[C]//2018 International Joint Conference on Neural Networks (IJCNN).Rio de Janeiro:IEEE,2018:1-8.
[7] 袁辰,钱丽萍,张慧,等.基于生成对抗网络的恶意域名训练数据生成[J].计算机应用研究,2019,36(5):1540-1543.
[8] ANDERSON H S,WOODBRIDGE J,FILAR B.DeepDGA:adversarially-tuned domain generation and detection[C]//Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security.Vienna:ACM,2016:13-21.
[9] 张澍寰.基于深度学习的恶意域名检测方法研究[D].兰州:兰州理工大学,2021.
[10] AN J,CHO S.Variational autoencoder based anomaly detection using reconstruction probability[J].Special Lecture on IE,2015,2(1):1-18.
[11] GOODFELLOW I J,POUGET-ABADIE J,MIRZA M,et al.Generative adversarial nets[C/OL].[2021-10-12].https://proceedings.neurips.cc/papaer_files/paper/2014/file/sca3e9b122f61f8f06494c97b1afccf3-Paper.pdf.
[12] GOODFELLOW I J,BENGIO Y,COURVILLE A.Deep learning[M].Cambridge:MIT Press,2016.
[13] CRESWELL A,WHITE T,DUMOULIN V,et al.Generative adversarial networks:an overview[J].IEEE Signal Processing Magazine,2018,35(1):53-65.
[14] 王媛媛,吴春江,刘启和,等.恶意域名检测研究与应用综述[J].计算机应用与软件,2019,36(9):311-314.
[15] GRETTON A,BORGWARDT K M,RASCH M J,et al.A kernel two-sample test[J].The Journal of Machine Learning Research,2012,13(1):723-773.
[16] GOVINDAN R,REDDY A.An analysis of internet inter-domain routing and route stability[C]//IEEE INFOCOM’97.Kobe:IEEE,1997:850-857.