A WGAN-Based Method for Generating Malicious Domain Training Data

Abstract

Domain Generation Algorithm (DGA) is a common method used by malware to generate a large number of domains on a regular basis. These domains can be used for malicious purposes such as botnet construction and data leakage. DGA malicious domain names, not only in number, but also in types, are a major challenge for malicious domain detection technology. The current detection methods based on artificial rules and detection algorithms based on machine learning are not effective due to the inability to obtain the latest DGA malicious domain data set in time. In this paper, a new encoding method is proposed to construct the encoder and decoder, combined with an improved version of the Generative Adversarial Network—Wasserstein Generative Adversarial Networks (WGAN), which uses a variety of known real DGA malicious domain family data to predict and generate DGA variant training samples. And through classifier training and performance evaluation of the effectiveness of domain names generated by the malicious domain name generator, it is proved that the data generated by this method can as a real DGA sample and provide a large amount of training data for the future DGA domain detector.