A SYSTEM AND METHOD FOR DETECTING DOMAIN GENERATION ALGORITHMS (DGAs) USING DEEP LEARNING AND SIGNAL PROCESSING TECHNIQUES

Bibliographic details
Main authors: Quek Han Yang, Chan Jin Hao, Lee Joon Sern, Yam Gui Peng David
Format: Patent
Language: eng
Description
Summary: System and method for detecting domain names that exhibit Domain Generation Algorithm (DGA)-like behaviours from a stream of Domain Name System (DNS) records. In particular, this document describes a system comprising a deep learning classifier (DL-C) module that receives and filters the stream of DNS records; the filtered DNS records, which have been determined to possess domain names that exhibit DGA behaviour, are then provided to a series filter-classifier (SFC) module. The SFC module then groups the records into various series based on source IP, destination IP and time. For each series, it then filters away records that do not exhibit the dominant DGA characteristics of the series. Finally, for each series, it uses the remaining DNS records' timestamps to generate a time series of DGA occurrences and, using this time series of occurrences, determines the number of DGA bursts throughout the time period of analysis.