DBD

deep learning DGA-based botnet detection

R. Vinayakumar, K. P. Soman, P. Poornachandran, M. Alazab, A. Jolfaei

Research output: Chapter in Book/Report/Conference proceedingChapter

3 Citations (Scopus)

Abstract

Botnets play an important role in malware distribution and they are widely used for spreading malicious activities in the Internet. The study of the literature shows that a large subset of botnets use DNS poisoning to spread out malicious activities and that there are various methods for their detection using DNS queries. However, since botnets generate domain names quite frequently, the resolution of domain names can be very time consuming. Hence, the detection of botnets can be extremely difficult. This chapter propose a novel deep learning framework to detect malicious domains generated by malicious Domain Generation Algorithms (DGA). The proposed DGA detection method, named, Deep Bot Detect (DBD) is able to evaluate data from large scale networks without reverse engineering or performing Non-Existent Domain (NXDomain) inspection. The framework analyzes domain names and categorizes them using statistical features, which are extracted implicitly through deep learning architectures. The framework is tested and deployed in our lab environment. The experimental results demonstrate the effectiveness of the proposed framework and shows that the proposed method has high accuracy and low false-positive rates. The proposed framework is a simple architecture that contains fewer learnable parameters compared to other character-based, short text classification models. Therefore, the proposed framework is faster to train and is less prone to over-fitting. The framework provides an early detection mechanism for the identification of Domain-Flux botnets propagating in a network and it helps keep the Internet clean from related malicious activities.
Original languageEnglish
Title of host publicationDeep learning applications for cyber security
EditorsMamoun Alazab, MingJian Tang
Place of PublicationSwitzerland
PublisherSpringer
Pages127-149
Number of pages23
ISBN (Electronic)9783030130572
ISBN (Print)9783030130565
DOIs
Publication statusPublished - 2019

Publication series

NameAdvanced Sciences and Technologies for Security Applications
PublisherSpringer
ISSN (Print)1613-5113
ISSN (Electronic)2363-9466

Keywords

  • botnet
  • deep learning
  • domain name generation
  • malware
  • cybercrime
  • cyber security
  • domain-flux
  • Keras embedding

Fingerprint Dive into the research topics of 'DBD: deep learning DGA-based botnet detection'. Together they form a unique fingerprint.

  • Cite this

    Vinayakumar, R., Soman, K. P., Poornachandran, P., Alazab, M., & Jolfaei, A. (2019). DBD: deep learning DGA-based botnet detection. In M. Alazab, & M. Tang (Eds.), Deep learning applications for cyber security (pp. 127-149). (Advanced Sciences and Technologies for Security Applications). Switzerland: Springer. https://doi.org/10.1007/978-3-030-13057-2_6