Khaos: An Adversarial Neural Network DGA With High Anti-Detection Ability
IEEE Transactions on Information Forensics and Security (IF 6.211), Pub Date: 2019-12-18, DOI: 10.1109/tifs.2019.2960647
Xiaochun Yun; Ji Huang; Yipeng Wang; Tianning Zang; Yuan Zhou; Yongzheng Zhang

A botnet is a network of remote-controlled devices that are infected with malware controlled by botmasters in order to launch cyber attacks. To evade detection, the botmaster frequently changes the domain name of his Command and Control (C&C) server. Most domain names of this type are generated by domain generation algorithms (DGAs). In this paper, we propose Khaos, a novel DGA with high anti-detection ability based on neural language models and the Wasserstein Generative Adversarial Network (WGAN). The key insight of our research is that real domain names are composed of readable syllables and acronyms, and thus we can arrange syllables and acronyms using neural language models to mimic real domain names. In Khaos, we first find the most common $n$-grams in real domain names, then tokenize these domain names into $n$-grams, and finally synthesize new domain names after learning arrangements of $n$-grams from real domain names. We carry out experiments using a variety of state-of-the-art DGA detection approaches: the statistics-based, the distribution-based, the LSTM-based and the graph-based detection approaches. Our experimental results show that the average distance for detecting Khaos under the distribution-based detection approach is 0.64, the AUCs of Khaos under the statistics-based and the LSTM-based detection approaches are 0.76 and 0.57, respectively, and the precision of Khaos under the graph-based detection approach is 0.68. Our work proves that the existing detection approaches have great difficulty detecting Khaos, and that Khaos has better anti-detection ability than state-of-the-art DGAs. In addition, we find that training an existing detection approach on a dataset that includes domain names generated by Khaos can improve its detection ability.
Updated: 2020-02-11

 
