Enhanced DGA detection in Botnet traffic: leveraging N-Gram, topic modeling, and attention BiLSTM

Bibliographic details
Published in: Peer-to-peer networking and applications 2025-02, Vol.18 (1), p.1-20
Main authors: Harishkumar, S., Bhuvaneswaran, R. S.
Format: Article
Language: eng
Description
Summary: This abstract introduces a novel approach for detecting Domain Generation Algorithms (DGA) in Botnet traffic through the integration of N-Gram analysis, Topic Modeling, and Attention-based Bidirectional Long Short-Term Memory (BiLSTM) networks. The proposed model begins with N-Gram analysis to capture sequential patterns in domain names, enhancing the detection of algorithmically generated domains. Topic Modeling extracts latent themes within network traffic data, providing a deeper understanding of the semantic context associated with potentially malicious domains. An Attention mechanism is integrated into a BiLSTM network to harness contextual nuances, allowing the model to selectively focus on critical segments of the input data. This attention-driven BiLSTM network captures long-range dependencies and intricate temporal dynamics inherent in Botnet communication. Experimental evaluations on diverse datasets demonstrate the proposed approach's efficacy in outperforming existing methods. The HybridNATT-DGA model achieved an accuracy of 99% using the Adam optimizer, surpassing the performance of other models such as LSTM (97.64%), ATT-CNN-B (94%), and ANN (95%). Additionally, the model exhibited a validation accuracy of 98% and a validation loss of 0.02, highlighting its robustness and precision. These results underscore the model's ability to adapt to evolving adversarial strategies, showcasing its superior detection rates. The fusion of N-Gram analysis, Topic Modeling, and Attention BiLSTM offers a comprehensive solution for DGA detection, providing a robust defense against sophisticated cyber threats in the continually evolving landscape of network security. This research advances the field of intrusion detection and cyber threat mitigation by presenting a holistic and adaptive approach tailored to the challenges posed by modern Botnet traffic.
ISSN: 1936-6442, 1936-6450
DOI: 10.1007/s12083-024-01822-8