Domain Generation Algorithm Detection Utilizing Model Hardening Through GAN-Generated Adversarial Examples


Abstract

Modern malware families often utilize Domain Generation Algorithms (DGAs) to register addresses for their Command and Control (C&C) servers. Instead of hardcoding the address of the C&C domain in the malware, DGAs are used to frequently change the address of the C&C server, causing static detection methods, such as blacklists, to be ineffective. In response, DGA detection methods have been proposed which attempt to detect these DGA-produced domains in live traffic. Previous research has investigated using domains generated from a Generative Adversarial Network (GAN) to increase the ability of a detection model to detect unseen DGA variants. Building upon this concept, we test a similar experiment using an improved GAN and detection model. For the GAN, we train a Gradient Penalty Wasserstein GAN using benign domains as an input to produce a set of generated domains that are difficult to differentiate from real domains. The resulting set of domains has characteristics, such as character distribution, that more closely resemble real domains than sets produced in previous research. We then use these GAN-produced domains as additional examples of DGA domains and use them to augment the training set for a DGA detection model. While a feature engineering approach has been used in previous research, we use a deep learning detection model based on a convolutional neural network and long short-term memory, which had significantly higher hold-out detection rates for many DGA families. After training, we evaluate the model by comparing its detection rate on several holdout DGA families with GAN augmentation compared to the same model which used an augmented training set. This is shown to increase the detection rate of the classifier (at a standardized false positive rate) on certain DGA families. Further, unlike previous approaches, we conduct significance testing on the resulting detection rates to more accurately show the effect that adversarial hardening had on the model.

Gould, N., Nishiyama, T., & Kamiya, K. (2020). Domain Generation Algorithm Detection Utilizing Model Hardening Through GAN-Generated Adversarial Examples. In Communications in Computer and Information Science (Vol. 1271 CCIS, pp. 84–101). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-59621-7_5
