
Applied Sciences, Vol. 9, Pages 4205: DGA Domain Name Classification Method Based on Long Short-Term Memory with Attention Mechanism

09 Oct 2019

Applied Sciences doi: 10.3390/app9204205

Authors:
Yanchen Qiao
Bin Zhang
Weizhe Zhang
Arun Kumar Sangaiah
Hualong Wu

Currently, many cyberattacks use a Domain Generation Algorithm (DGA) to generate random domain names in order to maintain communication with the Communication and Control (C&C) server. Discovering DGA domain names in advance could help to detect attacks and respond in time. However, in recent years the General Data Protection Regulation (GDPR) has been promulgated and implemented, and DGA classification methods based on context information, such as WHOIS (the information about the registered users or assignees of the domain name), are no longer applicable. At the same time, acquiring the DGA algorithm by reversing malware samples runs into the problem that no malware samples are available, for various reasons such as fileless malware. We propose a DGA domain name classification method based on Long Short-Term Memory (LSTM) with an attention mechanism. This method operates on the character sequence of the domain name, and it uses the LSTM combined with an attention mechanism to construct the DGA domain name classifier and achieve rapid classification of domain names. The experimental results show that the method achieves good classification results.