DomainGAN: Generating Adversarial Examples to Attack Domain Generation Algorithm Classifiers
This addresses cybersecurity threats by improving botnet evasion techniques, though it is incremental as it applies existing GAN methods to a specific domain.
The paper tackled the problem of generating adversarial domains to evade deep learning-based Domain Generation Algorithm (DGA) classifiers, achieving superior evasion compared to traditional DGAs, with the Wasserstein GAN with Gradient Penalty variant performing best both offensively and defensively.
Domain Generation Algorithms (DGAs) are frequently used to generate numerous domains for use by botnets. These domains are often utilized as rendezvous points for servers that malware has command and control over. There are many algorithms that are used to generate domains, however many of these algorithms are simplistic and easily detected by traditional machine learning techniques. In this paper, three variants of Generative Adversarial Networks (GANs) are optimized to generate domains which have similar characteristics of benign domains, resulting in domains which greatly evade several state-of-the-art deep learning based DGA classifiers. We additionally provide a detailed analysis into offensive usability for each variant with respect to repeated and existing domain collisions. Finally, we fine-tune the state-of-the-art DGA classifiers by adding GAN generated samples to their original training datasets and analyze the changes in performance. Our results conclude that GAN based DGAs are superior in evading DGA classifiers in comparison to traditional DGAs, and of the variants, the Wasserstein GAN with Gradient Penalty (WGANGP) is the highest performing DGA for uses both offensively and defensively.