Using Auxiliary Inputs in Deep Learning Models for Detecting DGA-based Domain Names

Command-and-Control (C&C) servers use Domain Generation Algorithms (DGAs) to communicate with bots for uploading malware and coordinating attacks. Manual detection methods and sinkholing fail to work against these algorithms, which can generate thousands of domain names within a short period. This creates a need for an automated and intelligent system that can detect such malicious domains. LSTM (Long Short Term Memory) is one of the most popularly used deep learning architectures for DGA detection, but it performs poorly against Dictionary Domain Generation Algorithms. This work explores the application of various machine learning techniques to this problem, including specialized approaches such as Auxiliary Loss Optimization for Hypothesis Augmentation (ALOHA), with a particular focus on their performance against Dictionary Domain Generation Algorithms. The ALOHA-LSTM model improves the accuracy of Dictionary Domain Generation Algorithms compared to the state of the art LSTM model. Improvements were observed in the case of word-based DGAs as well. Addressing this issue is of paramount importance, as they are used extensively in carrying out Distributed Denial-of-Service (DDoS) attacks. DDoS and its variants comprise one of the most significant and damaging cyber-attacks that have been carried out in the past.