The preemptive defenses against various malware created by domain generation algorithms (DGAs) have traditionally been solved using manually-crafted domain features obtained by heuristic process. However, it is difficult to achieve real-world deployment with most research on detecting DGA-based malicious domain names due to poor performance and time consuming. Based on the recent overwhelming success of deep learning networks in a broad range of applications, this article transfers five advanced learned ImageNet models from Alex Net, VGG, Squeeze Net, Inception, Res Net to classify DGA domains and non-DGA domains, which: (i) is suited to automate feature extraction from raw inputs; (ii) has fast inference speed and good accuracy performance; and (iii) is capable of handling large-scale data. The results show that the proposed approach is effective and efficient.
| Published in | International Journal of Intelligent Information Systems (Volume 6, Issue 6) |
| DOI | 10.11648/j.ijiis.20170606.11 |
| Page(s) | 67-71 |
| Creative Commons |
This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited. |
| Copyright |
Copyright © The Author(s), 2017. Published by Science Publishing Group |
Domain Generation Algorithm (DGA), Recurrent Neural Network (RNN), Deep Learning Architecture, Classification, Transfer Learning
| [1] | Lever C, Kotzias P, Balzarotti D, et al. A Lustrum of Malware Network Communication: Evolution and Insights [C]. Security and Privacy. IEEE, 2017:788-804. |
| [2] | Antonakakis M, Perdisci R, Nadji Y, et al. From throw-away traffic to bots: detecting the rise of DGA-based malware [C]. Usenix Conference on Security Symposium. 2012:24-24. |
| [3] | Zhang Y, Zhang Y, Xiao J. Detecting the DGA-Based Malicious Domain Names [M]. Trustworthy Computing and Services. Springer Berlin Heidelberg, 2013:130-137. |
| [4] | Woodbridge J, Anderson H S, Ahuja A, et al. Predicting Domain Generation Algorithms with Long Short-Term Memory Networks [J]. 2016. |
| [5] | Anderson H S, Woodbridge J, Filar B. Deep DGA: Adversarially-Tuned Domain Generation and Detection [J]. 2016:13-21. |
| [6] | Krizhevsky A, Sutskever I, Hinton G E. ImageNet classification with deep convolutional neural networks [C]. International Conference on Neural Information Processing Systems. Curran Associates Inc. 2012:1097-1105. |
| [7] | Simonyan K, Zisserman A. Very Deep Convolutional Networks for Large-Scale Image Recognition [J]. Computer Science, 2014. |
| [8] | Forrest N. Iandola , Song Han , Matthew W. Moskewicz etc. SqueezeNet: AlexNet-level accuracy with 50x fewer parameters and <0.5MB model size [C]. International Conference on Learning Representations, 2016. |
| [9] | Szegedy C, Vanhoucke V, Ioffe S, et al. Rethinking the Inception Architecture for Computer Vision [C]. Computer Vision and Pattern Recognition. IEEE, 2016:2818-2826. |
| [10] | Szegedy C, Ioffe S, Vanhoucke V, et al. Inception-v4, Inception-Res Net and the Impact of Residual Connections on Learning [J]. 2016. |
| [11] | He K, Zhang X, Ren S, et al. Deep Residual Learning for Image Recognition [C]. Computer Vision and Pattern Recognition. IEEE, 2016:770-778. |
| [12] | Hinton G, Deng L, Yu D, et al. Deep Neural Networks for Acoustic Modeling in Speech Recognition: The Shared Views of Four Research Groups [J]. IEEE Signal Processing Magazine, 2012, 29(6):82-97. |
| [13] | Tianqi Chen, Mu Li, Yutian Li, Min Lin, Naiyan Wang, Minjie Wang, Tianjun Xiao, Bing Xu, Chiyuan Zhang, and Zheng Zhang. MXNet: A Flexible and Efficient Machine Learning Library for Heterogeneous Distributed Systems. In Neural Information Processing Systems, Workshop on Machine Learning Systems, 2015. |
| [14] | Tang S, Han S. Generate Image Descriptions based on Deep RNN and Memory Cells for Images Features [J]. 2016. |
| [15] | S. Hochreiter and J. Schmidhuber. Long short-term memory. Neural Computation, 9(8):1735–1780, 1997. |
| [16] | Woodbridge J, Anderson H S, Ahuja A, et al. Predicting Domain Generation Algorithms with Long Short-Term Memory Networks [J]. 2016. |
| [17] | Zhao B, Huang B, Zhong Y. Transfer Learning With Fully Pre trained Deep Convolution Networks for Land-Use Classification [J]. IEEE Geoscience & Remote Sensing Letters, 2017, 14(9):1436-1440. |
| [18] | “Does Alexa have a list of its top-ranked websites?” https://support.alexa.com/hc/en-us/articles/ 200449834-Does-Alexa-have-a-list-of-its-top-ranked-websites-. Accessed: 2016-04-06. |
APA Style
Feng Zeng, Shuo Chang, Xiaochuan Wan. (2017). Classification for DGA-Based Malicious Domain Names with Deep Learning Architectures. International Journal of Intelligent Information Systems, 6(6), 67-71. https://doi.org/10.11648/j.ijiis.20170606.11
ACS Style
Feng Zeng; Shuo Chang; Xiaochuan Wan. Classification for DGA-Based Malicious Domain Names with Deep Learning Architectures. Int. J. Intell. Inf. Syst. 2017, 6(6), 67-71. doi: 10.11648/j.ijiis.20170606.11
AMA Style
Feng Zeng, Shuo Chang, Xiaochuan Wan. Classification for DGA-Based Malicious Domain Names with Deep Learning Architectures. Int J Intell Inf Syst. 2017;6(6):67-71. doi: 10.11648/j.ijiis.20170606.11
Share This Article
Twitter
Linked In
Facebook
Copy
Download@article{10.11648/j.ijiis.20170606.11,
author = {Feng Zeng and Shuo Chang and Xiaochuan Wan},
title = {Classification for DGA-Based Malicious Domain Names with Deep Learning Architectures},
journal = {International Journal of Intelligent Information Systems},
volume = {6},
number = {6},
pages = {67-71},
doi = {10.11648/j.ijiis.20170606.11},
url = {https://doi.org/10.11648/j.ijiis.20170606.11},
eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ijiis.20170606.11},
abstract = {The preemptive defenses against various malware created by domain generation algorithms (DGAs) have traditionally been solved using manually-crafted domain features obtained by heuristic process. However, it is difficult to achieve real-world deployment with most research on detecting DGA-based malicious domain names due to poor performance and time consuming. Based on the recent overwhelming success of deep learning networks in a broad range of applications, this article transfers five advanced learned ImageNet models from Alex Net, VGG, Squeeze Net, Inception, Res Net to classify DGA domains and non-DGA domains, which: (i) is suited to automate feature extraction from raw inputs; (ii) has fast inference speed and good accuracy performance; and (iii) is capable of handling large-scale data. The results show that the proposed approach is effective and efficient.},
year = {2017}
}
TY - JOUR T1 - Classification for DGA-Based Malicious Domain Names with Deep Learning Architectures AU - Feng Zeng AU - Shuo Chang AU - Xiaochuan Wan Y1 - 2017/12/06 PY - 2017 N1 - https://doi.org/10.11648/j.ijiis.20170606.11 DO - 10.11648/j.ijiis.20170606.11 T2 - International Journal of Intelligent Information Systems JF - International Journal of Intelligent Information Systems JO - International Journal of Intelligent Information Systems SP - 67 EP - 71 PB - Science Publishing Group SN - 2328-7683 UR - https://doi.org/10.11648/j.ijiis.20170606.11 AB - The preemptive defenses against various malware created by domain generation algorithms (DGAs) have traditionally been solved using manually-crafted domain features obtained by heuristic process. However, it is difficult to achieve real-world deployment with most research on detecting DGA-based malicious domain names due to poor performance and time consuming. Based on the recent overwhelming success of deep learning networks in a broad range of applications, this article transfers five advanced learned ImageNet models from Alex Net, VGG, Squeeze Net, Inception, Res Net to classify DGA domains and non-DGA domains, which: (i) is suited to automate feature extraction from raw inputs; (ii) has fast inference speed and good accuracy performance; and (iii) is capable of handling large-scale data. The results show that the proposed approach is effective and efficient. VL - 6 IS - 6 ER -
Information
Email: