Next Article in Journal
The Quantum Friction and Optimal Finite-Time Performance of the Quantum Otto Cycle
Previous Article in Journal
Software Requirements Classification Using Machine Learning Algorithms
Article

Detection of Algorithmically Generated Domain Names Using the Recurrent Convolutional Neural Network with Spatial Pyramid Pooling

1
Fujian Key Laboratory of Network Computing and Intelligent Information Processing, College of Mathematics and Computer Science, Fuzhou University, Fuzhou 350116, China
2
Key Laboratory of Spatial Data Mining & Information Sharing, Ministry of Education, Fuzhou 350116, China
*
Author to whom correspondence should be addressed.
Entropy 2020, 22(9), 1058; https://doi.org/10.3390/e22091058
Received: 23 June 2020 / Revised: 12 September 2020 / Accepted: 17 September 2020 / Published: 22 September 2020
Domain generation algorithms (DGAs) use specific parameters as random seeds to generate a large number of random domain names to prevent malicious domain name detection. This greatly increases the difficulty of detecting and defending against botnets and malware. Traditional models for detecting algorithmically generated domain names generally rely on manually extracting statistical characteristics from the domain names or network traffic and then employing classifiers to distinguish the algorithmically generated domain names. These models always require labor intensive manual feature engineering. In contrast, most state-of-the-art models based on deep neural networks are sensitive to imbalance in the sample distribution and cannot fully exploit the discriminative class features in domain names or network traffic, leading to decreased detection accuracy. To address these issues, we employ the borderline synthetic minority over-sampling algorithm (SMOTE) to improve sample balance. We also propose a recurrent convolutional neural network with spatial pyramid pooling (RCNN-SPP) to extract discriminative and distinctive class features. The recurrent convolutional neural network combines a convolutional neural network (CNN) and a bi-directional long short-term memory network (Bi-LSTM) to extract both the semantic and contextual information from domain names. We then employ the spatial pyramid pooling strategy to refine the contextual representation by capturing multi-scale contextual information from domain names. The experimental results from different domain name datasets demonstrate that our model can achieve 92.36% accuracy, an 89.55% recall rate, a 90.46% F1-score, and 95.39% AUC in identifying DGA and legitimate domain names, and it can achieve 92.45% accuracy rate, a 90.12% recall rate, a 90.86% F1-score, and 96.59% AUC in multi-classification problems. It achieves significant improvement over existing models in terms of accuracy and robustness. View Full-Text
Keywords: domain generation algorithm; algorithmically generated domain name; SMOTE; recurrent convolutional neural network; spatial pyramid pooling domain generation algorithm; algorithmically generated domain name; SMOTE; recurrent convolutional neural network; spatial pyramid pooling
Show Figures

Figure 1

MDPI and ACS Style

Liu, Z.; Zhang, Y.; Chen, Y.; Fan, X.; Dong, C. Detection of Algorithmically Generated Domain Names Using the Recurrent Convolutional Neural Network with Spatial Pyramid Pooling. Entropy 2020, 22, 1058. https://doi.org/10.3390/e22091058

AMA Style

Liu Z, Zhang Y, Chen Y, Fan X, Dong C. Detection of Algorithmically Generated Domain Names Using the Recurrent Convolutional Neural Network with Spatial Pyramid Pooling. Entropy. 2020; 22(9):1058. https://doi.org/10.3390/e22091058

Chicago/Turabian Style

Liu, Zhanghui, Yudong Zhang, Yuzhong Chen, Xinwen Fan, and Chen Dong. 2020. "Detection of Algorithmically Generated Domain Names Using the Recurrent Convolutional Neural Network with Spatial Pyramid Pooling" Entropy 22, no. 9: 1058. https://doi.org/10.3390/e22091058

Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop