DeepD2V - Deep Learning and Domain Word Embeddings for DGA based Malware Detection

Lucas  Torrealba; Pedro Casas-Hernandez; Javier Bustos-Jiménez; Germán Capdehourat; Mislav  Findrik

doi:10.1109/ICMLCN59089.2024.10624693

DeepD2V - Deep Learning and Domain Word Embeddings for DGA based Malware Detection

Lucas Torrealba, Pedro Casas-Hernandez (Autor:in und Vortragende:r), Javier Bustos-Jiménez, Germán Capdehourat, Mislav Findrik

Data Science & Artifical Intelligence

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

Abstract

The rapid detection of Domain Generation Algorithm (DGA) domains plays a critical role in mitigating malware propagation and its potential impact, as well as in limiting botnet activity coordination through command and control (C&C) servers. We introduce DeepD2V, a deep learning driven approach for highly accurate detection of DGA-generated domains, leveraging word embeddings learned from observed domain names in DNS queries or browsing URLs. Domain embeddings are constructed with Dom2Vec (D2V), a novel technique which builds on top of word embedding models (e.g., Word2Vec) to map words and tokens extracted from domain names into highly expressive representations. DeepD2V integrates a deep Convolutional Neural Network (CNN) architecture to make the most out of the D2V embeddings, realizing unprecedented detection performance for low false-alarm rates. Through experimental evaluation on a large-scale dataset (almost 400,000 domains) comprising 25 distinct families of DGA domains, we demonstrate the superiority of D2V embeddings as compared to standard, n-gram based like features commonly used in the literature for DGA detection. We show that DeepD2V significantly outperforms current state-of-the-art approaches for DGA detection and analysis based on shallow learning and lexicographic analysis, realizing precision and recall performance above 97%.

Originalsprache	Englisch
Titel	2024 IEEE International Conference on Machine Learning for Communication and Networking
Untertitel	ICMLCN
Seiten	164-170
Seitenumfang	7
ISBN (elektronisch)	979-8-3503-4319-9
DOIs	https://doi.org/10.1109/ICMLCN59089.2024.10624693
Publikationsstatus	Veröffentlicht - 15 Aug. 2024
Veranstaltung	2024 IEEE International Conference on Machine Learning for Communication and Networking - Stockholm, Stockholm, Schweden Dauer: 5 Mai 2024 → 8 Mai 2024

Konferenz

Konferenz	2024 IEEE International Conference on Machine Learning for Communication and Networking
Kurztitel	ICMLCN 2024
Land/Gebiet	Schweden
Stadt	Stockholm
Zeitraum	5/05/24 → 8/05/24

Research Field

Multimodal Analytics

Zugriff auf Dokument

10.1109/ICMLCN59089.2024.10624693Lizenz: Nicht angegeben

Diese Publikation zitieren

@inproceedings{b264d3e72c5144daa50066186d90f301,

title = "DeepD2V - Deep Learning and Domain Word Embeddings for DGA based Malware Detection",

abstract = "The rapid detection of Domain Generation Algorithm (DGA) domains plays a critical role in mitigating malware propagation and its potential impact, as well as in limiting botnet activity coordination through command and control (C&C) servers. We introduce DeepD2V, a deep learning driven approach for highly accurate detection of DGA-generated domains, leveraging word embeddings learned from observed domain names in DNS queries or browsing URLs. Domain embeddings are constructed with Dom2Vec (D2V), a novel technique which builds on top of word embedding models (e.g., Word2Vec) to map words and tokens extracted from domain names into highly expressive representations. DeepD2V integrates a deep Convolutional Neural Network (CNN) architecture to make the most out of the D2V embeddings, realizing unprecedented detection performance for low false-alarm rates. Through experimental evaluation on a large-scale dataset (almost 400,000 domains) comprising 25 distinct families of DGA domains, we demonstrate the superiority of D2V embeddings as compared to standard, n-gram based like features commonly used in the literature for DGA detection. We show that DeepD2V significantly outperforms current state-of-the-art approaches for DGA detection and analysis based on shallow learning and lexicographic analysis, realizing precision and recall performance above 97%.",

author = "Lucas Torrealba and Pedro Casas-Hernandez and Javier Bustos-Jim{\'e}nez and Germ{\'a}n Capdehourat and Mislav Findrik",

year = "2024",

month = aug,

day = "15",

doi = "10.1109/ICMLCN59089.2024.10624693",

language = "English",

isbn = "979-8-3503-4320-5",

pages = "164--170",

booktitle = "2024 IEEE International Conference on Machine Learning for Communication and Networking",

note = "2024 IEEE International Conference on Machine Learning for Communication and Networking , ICMLCN 2024 ; Conference date: 05-05-2024 Through 08-05-2024",

}

Torrealba, L, Casas-Hernandez, P, Bustos-Jiménez, J, Capdehourat, G & Findrik, M 2024, DeepD2V - Deep Learning and Domain Word Embeddings for DGA based Malware Detection. in 2024 IEEE International Conference on Machine Learning for Communication and Networking: ICMLCN. S. 164-170, 2024 IEEE International Conference on Machine Learning for Communication and Networking , Stockholm, Schweden, 5/05/24. https://doi.org/10.1109/ICMLCN59089.2024.10624693

DeepD2V - Deep Learning and Domain Word Embeddings for DGA based Malware Detection. / Torrealba, Lucas ; Casas-Hernandez, Pedro (Autor:in und Vortragende:r); Bustos-Jiménez, Javier et al.
2024 IEEE International Conference on Machine Learning for Communication and Networking: ICMLCN. 2024. S. 164-170.

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

TY - GEN

T1 - DeepD2V - Deep Learning and Domain Word Embeddings for DGA based Malware Detection

AU - Torrealba, Lucas

AU - Bustos-Jiménez, Javier

AU - Capdehourat, Germán

AU - Findrik, Mislav

A2 - Casas-Hernandez, Pedro

PY - 2024/8/15

Y1 - 2024/8/15

N2 - The rapid detection of Domain Generation Algorithm (DGA) domains plays a critical role in mitigating malware propagation and its potential impact, as well as in limiting botnet activity coordination through command and control (C&C) servers. We introduce DeepD2V, a deep learning driven approach for highly accurate detection of DGA-generated domains, leveraging word embeddings learned from observed domain names in DNS queries or browsing URLs. Domain embeddings are constructed with Dom2Vec (D2V), a novel technique which builds on top of word embedding models (e.g., Word2Vec) to map words and tokens extracted from domain names into highly expressive representations. DeepD2V integrates a deep Convolutional Neural Network (CNN) architecture to make the most out of the D2V embeddings, realizing unprecedented detection performance for low false-alarm rates. Through experimental evaluation on a large-scale dataset (almost 400,000 domains) comprising 25 distinct families of DGA domains, we demonstrate the superiority of D2V embeddings as compared to standard, n-gram based like features commonly used in the literature for DGA detection. We show that DeepD2V significantly outperforms current state-of-the-art approaches for DGA detection and analysis based on shallow learning and lexicographic analysis, realizing precision and recall performance above 97%.

AB - The rapid detection of Domain Generation Algorithm (DGA) domains plays a critical role in mitigating malware propagation and its potential impact, as well as in limiting botnet activity coordination through command and control (C&C) servers. We introduce DeepD2V, a deep learning driven approach for highly accurate detection of DGA-generated domains, leveraging word embeddings learned from observed domain names in DNS queries or browsing URLs. Domain embeddings are constructed with Dom2Vec (D2V), a novel technique which builds on top of word embedding models (e.g., Word2Vec) to map words and tokens extracted from domain names into highly expressive representations. DeepD2V integrates a deep Convolutional Neural Network (CNN) architecture to make the most out of the D2V embeddings, realizing unprecedented detection performance for low false-alarm rates. Through experimental evaluation on a large-scale dataset (almost 400,000 domains) comprising 25 distinct families of DGA domains, we demonstrate the superiority of D2V embeddings as compared to standard, n-gram based like features commonly used in the literature for DGA detection. We show that DeepD2V significantly outperforms current state-of-the-art approaches for DGA detection and analysis based on shallow learning and lexicographic analysis, realizing precision and recall performance above 97%.

U2 - 10.1109/ICMLCN59089.2024.10624693

DO - 10.1109/ICMLCN59089.2024.10624693

M3 - Conference Proceedings with Oral Presentation

SN - 979-8-3503-4320-5

SP - 164

EP - 170

BT - 2024 IEEE International Conference on Machine Learning for Communication and Networking

T2 - 2024 IEEE International Conference on Machine Learning for Communication and Networking

Y2 - 5 May 2024 through 8 May 2024

ER -

DeepD2V - Deep Learning and Domain Word Embeddings for DGA based Malware Detection

Abstract

Konferenz

Research Field

Zugriff auf Dokument

Fingerprint

Diese Publikation zitieren