# CharBot: A Simple and Effective Method for Evading DGA Classifiers

**Authors:** Jonathan Peck, Claire Nie, Raaghavi Sivaguru, Charles Grumer, Femi Olumofin, Bin Yu, Anderson Nascimento, Martine De Cock

arXiv: 1905.01078 · 2019-05-31

## TL;DR

CharBot is a straightforward and efficient black-box adversarial attack that generates unregistered domain names capable of evading state-of-the-art machine learning-based DGA classifiers, exposing their vulnerability.

## Contribution

We introduce CharBot, a novel and deliberately simple DGA that evades current real-time DGA classifiers without any prior knowledge of the targeted models, highlighting the need for detection methods that do not rely on the domain name string alone.

## Key findings

- CharBot evades state-of-the-art real-time DGA classifiers, including FANCI (a random forest over hand-engineered features) and LSTM.MI (a deep learning model), in a black-box setting.
- Retraining the classifiers on CharBot samples is not a viable defense.
- DGA classifiers that decide from the domain name string alone are inherently vulnerable to adversarial attacks; robust detection likely needs additional information beyond the string.

## Abstract

Domain generation algorithms (DGAs) are commonly leveraged by malware to create lists of domain names which can be used for command and control (C&C) purposes. Approaches based on machine learning have recently been developed to automatically detect generated domain names in real-time. In this work, we present a novel DGA called CharBot which is capable of producing large numbers of unregistered domain names that are not detected by state-of-the-art classifiers for real-time detection of DGAs, including the recently published methods FANCI (a random forest based on human-engineered features) and LSTM.MI (a deep learning approach). CharBot is very simple, effective and requires no knowledge of the targeted DGA classifiers. We show that retraining the classifiers on CharBot samples is not a viable defense strategy. We believe these findings show that DGA classifiers are inherently vulnerable to adversarial attacks if they rely only on the domain name string to make a decision. Designing a robust DGA classifier may, therefore, necessitate the use of additional information besides the domain name alone. To the best of our knowledge, CharBot is the simplest and most efficient black-box adversarial attack against DGA classifiers proposed to date.
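The following Python is an added illustration, not the authors' code and not taken from this page: the full paper describes CharBot as taking a benign domain name and replacing a couple of its characters with random ones, and the sketch below reproduces that idea together with a toy string-only detector to show why such features barely separate the perturbed name from its benign source. The benign list, the feature subset and the thresholds are constructed assumptions standing in for a string-only classifier; they are not FANCI's or LSTM.MI's, and the registration check and TLD handling of the real attack are omitted.

```python
import math
import random
import string

# Constructed sample of benign second-level domains (SLDs). The paper draws
# on a real benign domain list; these values are illustrative only.
BENIGN_SLDS = ["wikipedia", "youtube", "facebook", "amazon", "twitter", "microsoft"]

# Characters permitted in a DNS label (letters, digits, hyphen). Assumed charset.
LABEL_CHARS = string.ascii_lowercase + string.digits + "-"
VOWELS = set("aeiou")


def charbot_style(sld, rng, n_changes=2):
    """Replace n_changes distinct positions of a benign SLD with different
    random label characters. Mirrors the character-replacement idea of
    CharBot as described in the full paper; the "is it unregistered?" check
    and TLD selection are out of scope here (assumption for an offline demo)."""
    if n_changes > len(sld):
        raise ValueError("more changes than characters")
    chars = list(sld)
    for pos in rng.sample(range(len(chars)), n_changes):
        replacement = rng.choice(LABEL_CHARS)
        while replacement == chars[pos]:  # force a real change at this position
            replacement = rng.choice(LABEL_CHARS)
        chars[pos] = replacement
    return "".join(chars)


def perturb_batch(sld, seed, count, n_changes=2):
    """Deterministic batch of CharBot-style variants of one SLD."""
    rng = random.Random(seed)
    return [charbot_style(sld, rng, n_changes) for _ in range(count)]


def random_dga(rng, length=12):
    """Classic random-string DGA used as the contrast case (constructed)."""
    pool = string.ascii_lowercase + string.digits
    return "".join(rng.choice(pool) for _ in range(length))


def string_features(sld):
    """Toy subset of the hand-engineered, string-only features a FANCI-like
    model sees (assumed feature set, not FANCI's)."""
    n = len(sld)
    counts = {}
    for c in sld:
        counts[c] = counts.get(c, 0) + 1
    entropy = -sum((k / n) * math.log2(k / n) for k in counts.values())
    return {
        "length": n,
        "entropy": entropy,
        "vowel_ratio": sum(c in VOWELS for c in sld) / n,
        "digit_ratio": sum(c.isdigit() for c in sld) / n,
    }


def naive_string_detector(sld):
    """Threshold rule over string features (assumed thresholds). Returns True
    when the SLD looks algorithmically generated. Stands in for any classifier
    that decides from the domain string alone."""
    f = string_features(sld)
    return (
        f["entropy"] > 3.5
        or f["digit_ratio"] > 0.3
        or f["vowel_ratio"] < 0.15
        or f["length"] > 15
    )


def hamming(a, b):
    """Number of differing positions between two equal-length strings."""
    return sum(x != y for x, y in zip(a, b))


def evasion_rate(generator, seed, trials=200):
    """Fraction of generated SLDs that the detector lets through."""
    rng = random.Random(seed)
    passed = sum(not naive_string_detector(generator(rng)) for _ in range(trials))
    return passed / trials


if __name__ == "__main__":
    rng = random.Random(7)
    for sld in BENIGN_SLDS:
        adv = charbot_style(sld, rng)
        print(f"{sld:>10} -> {adv:<10} flagged={naive_string_detector(adv)}")
    cb = evasion_rate(lambda r: charbot_style(r.choice(BENIGN_SLDS), r), seed=1)
    rd = evasion_rate(random_dga, seed=1)
    print(f"CharBot-style evasion rate: {cb:.2f}; random-string DGA evasion rate: {rd:.2f}")
```

The point the sketch makes is structural rather than about these particular thresholds: a two-character edit of a nine-character benign name cannot move length, entropy, vowel ratio or digit ratio far from the benign region, so any decision rule built only on such string properties inherits the benign name's score. The same reasoning is why, as the paper reports, simply retraining on CharBot samples does not help: the adversarial and benign distributions overlap in string-feature space.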

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.01078/full.md

## Figures

2 figures with captions in the complete paper: https://tomesphere.com/paper/1905.01078/full.md

## References

41 references — full list in the complete paper: https://tomesphere.com/paper/1905.01078/full.md

---
Source: https://tomesphere.com/paper/1905.01078