TY - GEN
T1 - Cdga
T2 - 21st IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2022
AU - Zhai, You
AU - Yang, Jian
AU - Wang, Zixiang
AU - He, Longtao
AU - Yang, Liqun
AU - Li, Zhoujun
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Recently Command and Control (C&C) servers have attracted considerable attention in botnets and domain generation algorithms (DGAs) further enhance the stealth of C&C servers. However, Algorithmically Generated Domains (AGDs) generated by DGAs can be easily detected by previous DGA detection approaches. More specifically, the previous DGAs are hard to satisfy domain name rules, low repetition rate, and anti-detection in practical scenarios simultaneously. Designing an outstanding DGA has become a crucial issue from the botnet owner's perspective. To mitigate these problems, we propose Cdga, a Controllable DGA via Generative Adversarial Networks (GAN), which is a popular backbone model for text generation in the natural language processing (NLP) community. Controllable text generation approaches are adopted by Cdga to ensure no repetition in the generated domain names and compliance with the domain rules. In addition to cheating DGA detectors, GANs are exploited to equip Cdga with a powerful anti-detection ability. Furthermore, our proposed method uses the technique of NLP to force the AGDs to meet language rules, where the generated domain names are difficult for recognition by human. By utilizing the time-dependent seed, Cdga can dynamically generate domain names, ensuring that the malware can connect to the C&C server conditioned on a specific time stamp. Experimental results demonstrate that the domain names generated by our method are realistic enough to be resistant to the state-of-the-art DGA detectors.
AB - Recently Command and Control (C&C) servers have attracted considerable attention in botnets and domain generation algorithms (DGAs) further enhance the stealth of C&C servers. However, Algorithmically Generated Domains (AGDs) generated by DGAs can be easily detected by previous DGA detection approaches. More specifically, the previous DGAs are hard to satisfy domain name rules, low repetition rate, and anti-detection in practical scenarios simultaneously. Designing an outstanding DGA has become a crucial issue from the botnet owner's perspective. To mitigate these problems, we propose Cdga, a Controllable DGA via Generative Adversarial Networks (GAN), which is a popular backbone model for text generation in the natural language processing (NLP) community. Controllable text generation approaches are adopted by Cdga to ensure no repetition in the generated domain names and compliance with the domain rules. In addition to cheating DGA detectors, GANs are exploited to equip Cdga with a powerful anti-detection ability. Furthermore, our proposed method uses the technique of NLP to force the AGDs to meet language rules, where the generated domain names are difficult for recognition by human. By utilizing the time-dependent seed, Cdga can dynamically generate domain names, ensuring that the malware can connect to the C&C server conditioned on a specific time stamp. Experimental results demonstrate that the domain names generated by our method are realistic enough to be resistant to the state-of-the-art DGA detectors.
KW - Command and Control (C&C)
KW - Controllable Text Generation (CTG)
KW - Domain generation algorithm (DGA)
KW - Wasserstein Generative Adversarial Networks (WGAN)
UR - https://www.scopus.com/pages/publications/85151682763
U2 - 10.1109/TrustCom56396.2022.00056
DO - 10.1109/TrustCom56396.2022.00056
M3 - Conference contribution
AN - SCOPUS:85151682763
T3 - Proceedings - 2022 IEEE 21st International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2022
SP - 352
EP - 360
BT - Proceedings - 2022 IEEE 21st International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2022
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 9 December 2022 through 11 December 2022
ER -