Detecting DNS Threats: A Deep Learning Model to Rule Them All

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F19%3A00348185" target="_blank" >RIV/68407700:21230/19:00348185 - isvavai.cz</a>

Výsledek na webu

<a href="http://170.210.201.137/pdfs/asai/ASAI-10.pdf" target="_blank" >http://170.210.201.137/pdfs/asai/ASAI-10.pdf</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.13140/RG.2.2.14296.03849" target="_blank" >10.13140/RG.2.2.14296.03849</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Detecting DNS Threats: A Deep Learning Model to Rule Them All

Popis výsledku v původním jazyce

Domain Name Service is a central part of Internet regular operation. Such importance has made it a common target of different malicious behaviors such as the application of Domain Generation Algorithms (DGA) for command and control a group of infected computers or Tunneling techniques for bypassing system administrator restrictions. A common detection approach is based on Training different models detecting DGA and Tunneling capable of performing a lexicographic discrimination of the domain names. However, since both DGA and Tunneling showed domain names with observable lexicographical differences with normal domains, it was reasonable to apply the same detection approach to both threats. In the present work, we propose a multi class convolutional network architecture (MC-CNN) capable of detecting both DNS threats. The resulting MC-CNN is able to detect correctly 99% of normal domains ,97% of DGAs and 92% of Tunneling, with a False Positive Rate of 2.8%, 0.7% and 0.0015% respectively.

Název v anglickém jazyce

Detecting DNS Threats: A Deep Learning Model to Rule Them All

Popis výsledku anglicky

Domain Name Service is a central part of Internet regular operation. Such importance has made it a common target of different malicious behaviors such as the application of Domain Generation Algorithms (DGA) for command and control a group of infected computers or Tunneling techniques for bypassing system administrator restrictions. A common detection approach is based on Training different models detecting DGA and Tunneling capable of performing a lexicographic discrimination of the domain names. However, since both DGA and Tunneling showed domain names with observable lexicographical differences with normal domains, it was reasonable to apply the same detection approach to both threats. In the present work, we propose a multi class convolutional network architecture (MC-CNN) capable of detecting both DNS threats. The resulting MC-CNN is able to detect correctly 99% of normal domains ,97% of DGAs and 92% of Tunneling, with a False Positive Rate of 2.8%, 0.7% and 0.0015% respectively.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/TH02010990" target="_blank" >TH02010990: Ludus: Kolaborativní obrana proti internetovým útokům pomocí stojového učení a teorie her</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2019

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

ASAI

ISBN

—

ISSN

2451-7585

e-ISSN

—

Počet stran výsledku

12

Strana od-do

90-101

Název nakladatele

ARGENTINE SYMPOSIUM ON ARTIFICIAL INTELLIGENCE

Místo vydání

—

Místo konání akce

Argentina University

Datum konání akce

10. 6. 2019

Typ akce podle státní příslušnosti

EUR - Evropská akce

Kód UT WoS článku

—