DSQNet: Domain SeQuence based Deep Neural Network for AGDs Detection

Modern botnets rely widely on Algorithmically Generated Domains (AGDs) to contact Command-and-Control (C&C) servers. Existing AGD detection solutions check domains one by one, based on the structural differences between AGDs and benign domains; e.g., some AGD families show a much more random character composition than legitimate domains. These methods can hardly deal with newly emerged AGD types based on camouflage techniques, because each individual AGD appears benign when judged by its own structural features. In this work, we analyze the structural correlations among AGDs and find that the inter-AGD correlation can be used for AGD detection. We then propose DSQNet, a Domain SeQuence based Deep Neural Network AGD detection model, which checks domains in batches so that the inter-AGD correlation is taken into account during detection. Experiments on public and real-world data show the superiority of the proposed approach.
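The contrast between one-by-one and batch checking can be made concrete with a small added example. This is not DSQNet and not code from the paper. It assumes character entropy as the per-domain structural feature, dictionary-word concatenation as the camouflage style, and trigram reuse across a batch as a simple stand-in for inter-AGD correlation. All domain labels are constructed.

```python
import math
from collections import Counter

# Constructed sample labels (TLD stripped); none are taken from the paper's data.
BENIGN = ["wikipedia", "github", "nytimes", "stackoverflow", "mozilla", "debian"]
RANDOM_AGD = ["qzxvkjwpyhgbtmdf"]  # random-character style
WORDLIST_AGD = ["tableriver", "riverstone", "stonelight", "lighttable"]  # assumed camouflage style

def char_entropy(label):
    """Shannon entropy (bits per character) of one label: a per-domain structural feature."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def per_domain_flags(labels, threshold):
    """One-by-one check: flag labels whose entropy exceeds the threshold."""
    return [l for l in labels if char_entropy(l) > threshold]

def trigrams(label):
    """Set of character 3-grams in a label."""
    return {label[i:i + 3] for i in range(len(label) - 2)}

def batch_reuse(labels):
    """Batch check: mean share of each label's trigrams that recur in another label."""
    grams = [trigrams(l) for l in labels]
    shares = []
    for i, g in enumerate(grams):
        others = set().union(*(h for j, h in enumerate(grams) if j != i))
        shares.append(len(g & others) / len(g) if g else 0.0)
    return sum(shares) / len(shares)

# Lowest threshold that raises no alert on the benign sample.
THRESHOLD = max(char_entropy(l) for l in BENIGN)

if __name__ == "__main__":
    print("per-domain, random AGD:  ", per_domain_flags(RANDOM_AGD, THRESHOLD))
    print("per-domain, wordlist AGD:", per_domain_flags(WORDLIST_AGD, THRESHOLD))
    print("batch reuse, benign:     ", batch_reuse(BENIGN))
    print("batch reuse, wordlist:   ", batch_reuse(WORDLIST_AGD))
```

On this sample the entropy check catches the random-character label but none of the word-based ones, while the batch score separates the word-based batch from the benign batch.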