Improving DGA-Based Malicious Domain Classifiers for Malware Defense with Adversarial Machine Learning

Title: Improving DGA-Based Malicious Domain Classifiers for Malware Defense with Adversarial Machine Learning
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Yilmaz, Ibrahim; Siraj, Ambareen; Ulybyshev, Denis
Conference Name: 2020 IEEE 4th Conference on Information Communication Technology (CICT)
Keywords: Adversarial Machine Learning, blacklisting, Computational modeling, Containers, Data models, data privacy, domain generation algorithms, Long short-term memory, Perturbation methods, pubcrawl, Resiliency, Scalability, Servers, signature based defense, Training
Abstract: Domain Generation Algorithms (DGAs) are used by adversaries to establish Command and Control (C&C) server communications during cyber attacks. Blacklists of known/identified C&C domains are used as one of the defense mechanisms. However, static blacklists generated by signature-based approaches can neither keep up nor detect never-seen-before malicious domain names. To address this weakness, we applied a DGA-based malicious domain classifier using the Long Short-Term Memory (LSTM) method with a novel feature engineering technique. Our model's performance shows a greater accuracy compared to a previously reported model. Additionally, we propose a new adversarial machine learning-based method to generate never-before-seen malware-related domain families. We augment the training dataset with new samples to make the training of the models more effective in detecting never-before-seen malicious domain names. To protect blacklists of malicious domain names against adversarial access and modifications, we devise secure data containers to store and transfer blacklists.
DOI: 10.1109/CICT51604.2020.9311925
Citation Key: yilmaz_improving_2020