Domain Generation Algorithms (DGAs) are frequently used to generate large numbers of domains for use by botnets. These domains are often used as rendezvous points for the malware's command and control servers. Many algorithms are used to generate domains, but many of them are simplistic and very easy to detect using classical machine learning techniques. In this paper, three different variants of generative adversarial networks (GANs) are used to improve domain generation by making the domains more difficult for machine learning algorithms to detect. The domains generated by traditional DGAs and by the GAN-based DGAs are then compared using state-of-the-art machine-learning-based DGA classifiers. The results show that the GAN-based DGAs are detected by the DGA classifiers significantly less often than the traditional DGAs. An analysis of the GAN variants is also performed to show which variant produces the most usable domains. As verified by testing results and analysis, the Wasserstein GAN with Gradient Penalty (WGANGP) is the best GAN variant to use as a DGA.