Detecting Algorithmically Generated Domains Using a GCNN-LSTM Hybrid Neural Network

TL;DR

This paper introduces a novel hybrid neural network model combining GCNN and LSTM to effectively detect algorithmically generated domains used by botnets, outperforming existing detection methods.

Contribution

The paper proposes a new GCNN-LSTM hybrid neural network model for AGD detection, demonstrating superior performance over current state-of-the-art models.

Findings

GLHNN achieves the best detection accuracy among tested models.

The model effectively extracts features from domain names for classification.

Experimental validation covers six classes of DGAs.

Abstract

Domain generation algorithm (DGA) is used by botnets to build a stealthy command and control (C&C) communication channel between the C&C server and the bots. A DGA can periodically produce a large number of pseudo-random algorithmically generated domains (AGDs). AGD detection algorithms provide a lightweight, promising solution in response to the existing DGA techniques. In this paper, a GCNN (gated convolutional neural network)-LSTM (long short-term memory) Hybrid Neural Network (GLHNN) for AGD detection is proposed. In GLHNN, GCNN is applied to extract the informative features from domain names on top of LSTM which further processes the feature sequence. GLHNN is experimentally validated using representative AGDs covering six classes of DGAs. GLHNN is compared with the state-of-the-art detection models and demonstrates the best overall detection performance among these tested models.