CLETer: A Character-level Evasion Technique Against Deep Learning DGA Classifiers
DOI:
https://doi.org/10.4108/eai.18-2-2021.168723Keywords:
cybersecurity, malware, domain generation algorithms, deep learning, adversarial attackAbstract
The detection of pseudo-random domain names generated by Domain Generation Algorithms (DGAs) is one of the effective ways to find botnets. Study on the vulnerability of deep learning models to adversarial attacks can enhance the robustness of DGA detection mechanism. This paper proposes CLETer, an improved DGA that provides a character-level evasion technique against state-of-the-art DGA classifiers. Based on existing DGA domain names, CLETer can intelligently generate adversarial examples by quantifying the influence of every character to the classification result and then changing the important characters. Those improved domain names can easily evade being detected and show good transferability. The experimental results demonstrate that when modifying only two characters, CLETer can effectively lower the LSTM classifier’s recall from 99.76% to 1.29% and drop the CNN classifier’s recall from 99.36% to 3.64%. It is proved that adversarial retraining is a viable defense strategy to CLETer.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 3.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.
Funding data
-
National Key Research and Development Program of China
Grant numbers No.2016YFE0206700