CLETer: A Character-level Evasion Technique Against Deep Learning DGA Classifiers

Liu, Wanping and Zhang, Zhoulan and Huang, Cheng and Fang, Yong (2021) CLETer: A Character-level Evasion Technique Against Deep Learning DGA Classifiers. EAI Endorsed Transactions on Security and Safety, 7 (24). e5. ISSN 2032-9393

eai.18-2-2021.168723.pdf
Available under License Creative Commons Attribution No Derivatives.


Abstract

The detection of pseudo-random domain names generated by Domain Generation Algorithms (DGAs) is one of the effective ways to find botnets. Studying the vulnerability of deep learning models to adversarial attacks can enhance the robustness of DGA detection mechanisms. This paper proposes CLETer, an improved DGA that provides a character-level evasion technique against state-of-the-art DGA classifiers. Based on existing DGA domain names, CLETer can intelligently generate adversarial examples by quantifying the influence of every character on the classification result and then changing the important characters. These improved domain names can easily evade detection and show good transferability. The experimental results demonstrate that when modifying only two characters, CLETer can effectively lower the LSTM classifier’s recall from 99.76% to 1.29% and drop the CNN classifier’s recall from 99.36% to 3.64%. It is proved that adversarial retraining is a viable defense strategy against CLETer.

Item Type: Article
Uncontrolled Keywords: cybersecurity, malware, domain generation algorithms, deep learning, adversarial attack
Subjects: H Social Sciences > H Social Sciences (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
QA75 Electronic computers. Computer science
Depositing User: EAI Editor IV
Date Deposited: 26 Mar 2021 14:03
Last Modified: 26 Mar 2021 14:03
URI: https://eprints.eudl.eu/id/eprint/2139
