A Two-Stream Network Based on Capsule Networks and Sliced Recurrent Neural Networks for DGA Botnet Detection

With the development of Internet technology, botnets have become a major threat to most computers on the Internet. Most sophisticated bots use Domain Generation Algorithms (DGAs) to automatically generate a large number of pseudo-random domain names for Domain Name Service (DNS) domain fluxing, which allows the malware to communicate with its Command and Control (C&C) server. To cope with this challenge, we built a novel Two-Stream network-based deep learning framework (named TS-ASRCaps) that uses multimodal information to reflect the properties of DGAs. Furthermore, we proposed an Attention Sliced Recurrent Neural Network (ATTSRNN) to automatically mine the underlying semantics. We also used a Capsule Network (CapsNet) with dynamic routing to model high-level visual information. Finally, we emphasized how the multimodal model outperforms other state-of-the-art models for the classification of domain names. To the best of our knowledge, this is the first work in which multimodal deep learning has been empirically investigated for DGA botnet detection.
