Detection of Algorithmically Generated Domain Names using LSTM

Abstract

A network of private computers forms a botnet when they are infected by malicious software and are commanded as a collection, without the owners of the computers being aware of it. Cybercriminals employ botnets for numerous malicious exercises like sending spam, thriving sensitive information, instigating Distributed Denial of Service (DDoS) attacks, etc. A Command and Control (CC) server gives instructions to the jeopardized machines for the execution of spiteful tasks. To evade disclosure, modern botnets like Cryptolocker, Zeus and Conficker use a method termed as Domain Fluxing or Domain Name Generation Algorithms (DGA), in which the infected bot sporadically generates and tries to fix a wide number of pseudorandom domain names till DNS server resolves one of them. In this work, we use Long Short-Term Memory (LSTM), a kind of Recurrent Neural Network (RNN) for the detection of DGAs by analyzing the alphanumeric features of the domain names. The experimental results show that we are able to identify the DGA family of a given domain name with high accuracy using the proposed scheme for most of the DGA families.