Detecting malicious domain names using deep learning approaches at scale

Threats related to computer security constantly evolving and attacking the networks and internet all the time. New security threats and the sophisticated methods that hackers use can bypass the detection and prevention mechanisms. A new approach which can handle and analyze massive amount of logs from diverse sources such as network packets, Domain name system (DNS) logs, proxy logs, system/service logs etc. required. This approach can be typically termed as big data. This approach can protect and provide solution to various security issues such as fraud detection, malicious activities and other advanced persistent threats. Apache spark is a distributed big data based cluster computing platform which can store and process the security data to give real time protection. In this paper, we collect only DNS logs from client machines in local area network (LAN) and store it in a server. To find the domain name as either benign or malicious, we propose deep learning based approach. For comparison, we have evaluated the effectiveness of various deep learning approaches such as recurrent neural network (RNN), long short-term memory (LSTM) and other traditional machine learning classifiers. Deep learning based approaches have performed well in comparison to the other classical machine learning classifiers. The primary reason is that deep learning algorithms have the capability to obtain the right features implicitly. Moreover, LSTM has obtained highest malicious detection rate in all experiments in comparison to the other deep learning approaches.