DGA Domain Name Detection Combining Attention Mechanisms and Parallel Hybrid Network

Abstract

Abstract: Statistical feature-based DGA domain name detection methods relies on complex feature engineering， while the existing end-to-end deep learning methods perform poorly in the multi-classification tasks. To address these problems， a DGA domain name detection method combining attention mechanisms and parallel hybrid networks is proposed. Firstly, deep pyramid convolutional neural networks is introduced to extract deep semantic information of domain names, and DPCNN-SE is proposed by improving DPCNN using the channel attention block called SENet, which can learn inter-channel relationships adaptively and suppress the transmission of useless features. Meanwhile, the self-attention mechanism and the bidirectional long short-term memory network are combined to construct the BiLSTM-SA network to capture the most representative global temporal features in domain name data. Finally, the features extracted by the two networks are fused and fed into the softmax layer to output the classification results. The experimental results show that the method increases the F1-score by 10.30 percentage points and 10.18 percentage points in the multi-classification task of domain name family compared with the single model of CNN and LSTM， respectively; the F1-score increases by 5.97 percentage points and 4.87 percentage points， respectively， compared with the existing hybrid model method Bilbo and BiGRU-MCNN， and has lower computational complexity.

Key words: DGA domain name detection, feature fusion, end-to-end, long short-term memory neural network, convolutional neural network

LIU Li-ting, OU Yu-yi. DGA Domain Name Detection Combining Attention Mechanisms and Parallel Hybrid Network[J]. Computer and Modernization, 2022, 0(09): 119-126.

References ［25］

［1］	ZHAUNIAROVICH Y, KHALIL I, YU T, et al. A survey on malicious domains detection through DNS data analysis［J］. ACM Computing Surveys, 2018,51（4）:1-36
［2］	KHARRAZ A, ROBERTSON W, BALIAROTTI D, et al. Cutting the gordian knot: A look under the hood of ransomware attacks［C］// Springer International Publishing. 2016:3-24.
［3］	PATSAKIS C, CASINO F, KATOS V. Encrypted and covert DNS queries for botnets: Challenges and countermeasures［J］. Computers & Security, 2020,88:101614.
［4］	MARK WARD. Cryptolocker Victims to Get Files Back for Free［EB/OL］. （2014-08-06）［2021-12-05］. https://www.bbc.com/news/techn-ology-28661463．
［5］	WIKIBOOKS. Conficker［EB/OL］. ［2021-12-05］. https://en.wikipedia.org/wiki/Conficker.
［6］	BADER J. The DGA of Ramnit［EB/OL］. ［2021-12-05］. https://johannesbader.ch/2014/12/the-dga-of-ramnit/.
［7］	沙泓州,刘庆云,柳厅文,等. 恶意网页识别研究综述［J］. 计算机学报, 2016,39（3）:529-542.
［8］	YADAV S, REDDY A K K, REDDY A L N, et al. Detecting algorithmically generated domain-flux attacks With DNS traffic analysis［J］. IEEE/ACM Transactions on Networking, 2012,20（5）:1663-1677.〖HJ1mm〗
［9］	张维维,龚俭,刘茜,等. 基于词素特征的轻量级域名检测算法［J］. 软件学报, 2016,27（9）:2348-2364.
［10］	王媛媛,吴春江,刘启和,等. 恶意域名检测研究与应用综述［J］. 计算机应用与软件, 2019,36（9）:310-316.
［11］	YANG L H, ZHAI J T, LIU W W, et al. Detecting word-based algorithmically generated domains using semantic analysis［J］. Symmetry, 2019,11（2）:176.
［12］	SELVI J, RODRGUEZ R J. SORIA-OLIVAS E. Detection of algorithmically generated malicious domain names using masked N-grams［J］. Expert Systems with Applications, 2019,124:156-163.
［13］	TONG V, NGUYEN G. A method for detecting DGA botnet based on semantic and cluster analysis［C］// Proceedings of the 7th Symposium on Information and Communication Technology. 2016:272-277.
［14］	WOODBRIDGE J, ANDERSON H S, AHUJA A, et al. Predicting domain generation algorithms with long short-term memory networks［J］. arXiv preprint arXiv:1611.00791, 2016.
［15］	QIAO Y C, ZHANG B, ZHANG W Z, et al. DGA domain name classification method based on long short-term memory with attention mechanism［J］. Applied Sciences, 2019,9（20）:4205.
［16］	YANG L H, LIU G J, WANG J W, et al. Fast3DS: A real-time full-convolutional malicious domain name detection system［J］. Journal of Information Security and Applications, 2021,61:102933.
［17］	HIGHNAM K, PUZIO D, LUO S, et al. Real-time detection of dictionary dga network traffic using deep learning［J］. SN Computer Science, 2021,2（2）:1-17.
［18］	CHEN Y J, PANG B, SHAO G L, et al. DGA-based botnet detection toward imbalanced multiclass learning［J］. Tsinghua Science and Technology, 2021,26（4）:387-402.
［19］	王志强,李舒豪,池亚平,等. 基于深度学习的恶意DGA域名检测［J］. 计算机工程与设计, 2021,42（3）:601-606.
［20］	CHEN C Q, PAN L L, XIE X L. DGA domain name detection based on BiGRU-MCNN［C］// Proceedings of the 2019 4th International Conference on Intelligent Information Processing. 2019:315-319.
［21］	杜鹏,丁世飞. 基于混合词向量深度学习模型的DGA域名检测方法［J］. 计算机研究与发展, 2020,57（2）:433-446.
［22］	HU J, SHEN L, SUN G. Squeeze-and-excitation networks［C］// Proceedings of the 2018 IEEE Conference on Computer Vision and Pattern Recognition. 2018:7132-7141.
［23］	JOHNSON R, ZHANG T. Deep pyramid convolutional neural networks for text categorization［C］// Proceedings of the 55th Annual Meeting of the Association for Computational Linguistics. 2017:562-570.
［24］	HE K M, ZHANG X Y, REN S Q, et al. Identity mappings in deep residual networks［C］// European Conference on Computer Vision. 2016:630-645.
［25］	SAXE J, BERLIN K. EXpose: A character-level convolutional neural network with embeddings for detecting malicious URLs， file paths and registry keys［J］. arXiv preprint arXiv:1702.08568, 2017.

[1]	ZHOU Cheng-cheng, ZENG Qing-jun, YANG Kang, HU Jia-ming, HAN Chun-wei. EEG Recognition of Motor Imagination Based on Efficiency Channel Attention Module [J]. Computer and Modernization, 2023, 0(12): 19-23.
[2]	NING Juan, ZHOU Qing-hua, ZENG Xiao-wei. Application of Improved YOLOv7 Algorithm in Detection of Capping Defects of Vials [J]. Computer and Modernization, 2023, 0(12): 82-86.
[3]	CHEN Jun-yi. Health Event Prediction Model Based on Dynamic and Static Features of Graph Nodes [J]. Computer and Modernization, 2023, 0(10): 39-44.
[4]	XING Shi-shuai, LIU Dan-feng, WANG Li-guo, PAN Yue-tao, MENG Ling-hong, YUE Xiao-han. Image Super-resolution Reconstruction Based on Spatial Attention Residual Network [J]. Computer and Modernization, 2023, 0(10): 45-52.
[5]	LIU Fu-qi, ZHANG Da, SONG Jian-hua, WANG Hai-dong. Fault Diagnosis of Hydraulic Systems Based on CNN-BiLSTM [J]. Computer and Modernization, 2023, 0(09): 10-19.
[6]	CHEN Jia-min, ZHANG Bo-quan, MAI Hai-peng. Hippocampus Segmentation Based on Feature Fusion [J]. Computer and Modernization, 2023, 0(08): 1-6.
[7]	ZENG Li-li, TANG Hua-bei, NIU Yi-xiao, MENG Fan-yue. Lithofacies Identification Method Based on LSTM Stacked Residual Network [J]. Computer and Modernization, 2023, 0(08): 38-43.
[8]	WANG Hong, GE Hong. Cross Modal Hash Retrieval Based on Attention Mechanism and Semantic Similarity [J]. Computer and Modernization, 2023, 0(08): 44-53.
[9]	JIANG Lei, TANG Jian, YANG Chao-yue, LYU Ting-ting. Bearing Fault Diagnosis Based on CWGAN-GP and CNN [J]. Computer and Modernization, 2023, 0(07): 1-6.
[10]	XU Ye-tong, GENG Xin-zhe, ZHAO Wei-qiang, ZHANG Yue, NING Hai-long, LEI Tao. A Remote Sensing Image Change Detection Model Based on CNN-Transformer Hybrid Structure [J]. Computer and Modernization, 2023, 0(07): 79-85.
[11]	ZHU Jian-bo, GE Ming-feng, DONG Wen-fei. Alzheimer’s Disease Image Classification Based on Improved EfficientNet [J]. Computer and Modernization, 2023, 0(06): 56-61.
[12]	LIU Jia-jia, HU Xu-xin, YU Ping. Monocular Depth Estimation Method by Aggregating Multi-dimensional Attention Features [J]. Computer and Modernization, 2023, 0(06): 76-81.
[13]	LIU Jing, CHEN Jin-guang. Image Caption Generation Method Based on Channel Attention and Transformer [J]. Computer and Modernization, 2023, 0(05): 8-12.
[14]	WANG Xin-yi, YIN Si-qing, HONG Jun. Asymmetric Deep Supervised Hashing with Attention Mechanism [J]. Computer and Modernization, 2023, 0(05): 26-31.
[15]	SU Jin-ku, GUI Zhi-ming. Prediction of Short-term Taxi Flow Based on Spatio-temporal Characteristics [J]. Computer and Modernization, 2023, 0(05): 32-38.