Evaluating Deep Learning Approaches to Characterize and Classify the DGAs at Scale (https://content.iospress.com/articles/journal-of-intelligent-and-fuzzy-systems/ifs169423)
1. Evaluating Deep Learning Approaches to Characterize and Classify the DGAs at Scale
Vinayakumar R (1), K.P Soman (1), Prabaharan Poornachandran (2) and Sachin Kumar S (1)
(1) Centre for Computational Engineering and Networking (CEN), Amrita School of Engineering, Coimbatore, Amrita Vishwa Vidyapeetham, Amrita University, India.
(2) Center for Cyber Security Systems and Networks, Amrita School of Engineering, Amritapuri, Amrita Vishwa Vidyapeetham, Amrita University, India.
2. Outline
• Introduction
• Background information / Related works
• Proposed Method – Deep Learning
• Description of the data set and Results
• Summary
• Future Work
• References
3. Introduction
• Adversaries frequently use domain names to connect malware to command and control servers (C2C). These domain names are hardcoded.
• Hardcoded domain names are easy to blacklist or sinkhole [1].
• To evade blacklisting, adversaries use the concept of domain generation algorithms (DGAs).
4. Background information / Related works
• DGAs periodically generate pseudo-random domain names and connect them to a C2C server. The pseudo-random domain names are generated based on a seed. A seed is a combination of numeric, alphabetic, date/time and other information.
• Machine learning methods with feature engineering are used to detect DGA-based malware.
• Deep learning is a new field of machine learning that has the capability to obtain optimal feature representation by taking raw domain names as input [2].
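The contrast between the last two bullets, as an added example that is not code from the slides or the paper: the same domain name is turned into hand-engineered statistics (the classical route) and into a padded sequence of character ids (the raw input a deep learning model consumes). The alphabet, the fixed length of 24, the choice of features and the sample domain names are all assumptions made for illustration.

```python
import math
from collections import Counter

# Assumed vocabulary for hostname characters; index 0 is reserved for padding.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-._"
CHAR_TO_ID = {ch: i + 1 for i, ch in enumerate(ALPHABET)}
UNKNOWN_ID = len(ALPHABET) + 1   # any character outside the vocabulary
MAX_LEN = 24                     # assumed fixed input length for the network


def shannon_entropy(text):
    """Entropy in bits per character; 0.0 for an empty string."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def engineered_features(domain):
    """Hand-crafted statistics of the kind a classical ML detector is fed.

    Simplification (assumption): only the leftmost label is measured.
    """
    label = domain.lower().rstrip(".").split(".")[0]
    size = max(len(label), 1)    # avoid division by zero on an empty label
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": sum(ch in "aeiou" for ch in label) / size,
        "digit_ratio": sum(ch.isdigit() for ch in label) / size,
    }


def encode_raw(domain, max_len=MAX_LEN):
    """Featureless input: map each character to an integer id.

    Long names keep their last max_len characters; short ones are left-padded
    with 0 so every domain becomes a vector of the same length.
    """
    ids = [CHAR_TO_ID.get(ch, UNKNOWN_ID) for ch in domain.lower().rstrip(".")]
    ids = ids[-max_len:]
    return [0] * (max_len - len(ids)) + ids


if __name__ == "__main__":
    # Constructed sample names, not taken from the paper's data set.
    for name in ["google.com", "wikipedia.org", "xjkqzvbnwpdl.net", "q8f3kz0v1tmx9a.info"]:
        print(name, engineered_features(name), encode_raw(name))
```

The integer vectors from `encode_raw` are what an embedding layer would receive; the dictionary from `engineered_features` is what a detection engineer would otherwise have to design and maintain by hand.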
6. Description of the data set and Results
Legitimate domain names come from Alexa [3] and OpenDNS [4], and malicious domain names are generated using publicly accessible algorithms [5] and OSINT DGA feeds [6].
9. Summary
• A deep learning based approach is proposed to classify DGA-generated domains.
• Deep learning approaches have performed well in comparison to the classical machine learning algorithms.
• Deep learning approaches are advantageous over other techniques as they are featureless, using raw domain names as their input.
10. Future Work
• This study has used only 17 malware families. Studying the effectiveness of deep learning mechanisms with a larger number of malware families is therefore one significant direction for future work.
• Additionally, this paper has not discussed the inner mechanics of the deep learning networks. This might be considered an important step towards real-time deployment.
11. References
[1] Kührer, Marc, Christian Rossow, and Thorsten Holz. "Paint it black: Evaluating the effectiveness of malware blacklists." International Workshop on Recent Advances in Intrusion Detection. Springer, Cham, 2014.
[2] LeCun, Yann, Yoshua Bengio, and Geoffrey Hinton. "Deep learning." Nature 521.7553 (2015): 436-444.
[3] https://support.alexa.com/
[4] https://umbrella.cisco.com/blog
[5] https://github.com/baderj/domain-generation-algorithms
[6] http://osint.bambenekconsulting.com/feeds/