With the development of Internet technology, botnets have become a major threat to most of the computers over the Internet. Most sophisticated bots use Domain Generation Algorithms (DGAs) to automatically generate a large number of pseudo-random domain names in Domain Name Service (DNS) domain fluxing, which can allow malware to communicate with Command and Control (C&C) server. To cope with this challenge, we built a novel Two-Stream network-based deep learning framework (named TS-ASRCaps) that uses multimodal information to reflect the properties of DGAs. Furthermore, we proposed an Attention Sliced Recurrent Neural Network (ATTSRNN) to automatically mine the underlying semantics. We also used a Capsule Network (CapsNet) with dynamic routing to model high-level visual information. Finally, we emphasized how the multimodal-based model outperforms other state-of-the-art models for the classification of domain names. To the best of our knowledge, this is the first work that the multimodal deep learning have been empirically investigated for DGA botnet detection.

中文翻译：

---

基于胶囊网络和切片循环神经网络的双流网络用于 DGA 僵尸网络检测

随着互联网技术的发展，僵尸网络已经成为互联网上大多数计算机的主要威胁。大多数复杂的机器人使用域生成算法 (DGA) 在域名服务 (DNS) 域通量中自动生成大量伪随机域名，这可以允许恶意软件与命令和控制 (C&C) 服务器进行通信。为了应对这一挑战，我们构建了一个新颖的基于双流网络的深度学习框架（名为 TS-ASRCaps），它使用多模态信息来反映 DGA 的特性。此外，我们提出了一种注意力切片循环神经网络（ATTSRNN）来自动挖掘底层语义。我们还使用具有动态路由的胶囊网络 (CapsNet) 来对高级视觉信息进行建模。最后，我们强调了基于多模态的模型如何优于其他最先进的域名分类模型。据我们所知，这是第一项针对 DGA 僵尸网络检测对多模态深度学习进行实证研究的工作。