Deep Convolutional Neural Network and Character Level Embedding for DGA Detection

Domain generation algorithms (DGA) are algorithms that generate domain names commonly used by botnets and malware to maintain and obfuscate communication between a botclient and command and control (C2) servers. In this work, a method is proposed to detect DGAs based on the classification of short texts, highlighting the use of character-level embedding in the neural network input to obtain meta-features related to the morphology of domain names. A convolutional neural network structure has been used to extract new meta-features from the vectors provided by the embedding layer. Furthermore, relu layers have been used to zero out all non-positive values, and maxpooling layers to analyze specific parts of the obtained meta-features. The tests have been carried out using the Majestic Million dataset for examples of legitimate domains and the NetLab360 dataset for examples of DGA domains, composed of around 56 DGA families. The results obtained have an average accuracy of 99.12% and a precision rate of 99.33%. This work contributes with a natural language processing (NLP) approach to DGA detection, presents the impact of using character-level embedding, relu and maxpooling on the results obtained, and a DGA detection model based on deep neural networks, without feature engineering, with competitive metrics.