Towards Robust Domain Generation Algorithm Classification
This work addresses security vulnerabilities in DGA detection for cybersecurity applications, offering incremental improvements through new hardening methods.
The study tackled the robustness of domain generation algorithm (DGA) classifiers by implementing 32 white-box attacks, with 19 causing near 100% false-negative rates on unhardened models, and proposed a novel training scheme using adversarial latent space vectors and discretized domains to improve robustness without performance trade-offs.
In this work, we conduct a comprehensive study on the robustness of domain generation algorithm (DGA) classifiers. We implement 32 white-box attacks, 19 of which are very effective and induce a false-negative rate (FNR) of $\approx$ 100\% on unhardened classifiers. To defend the classifiers, we evaluate different hardening approaches and propose a novel training scheme that leverages adversarial latent space vectors and discretized adversarial domains to significantly improve robustness. In our study, we highlight a pitfall to avoid when hardening classifiers and uncover training biases that can be easily exploited by attackers to bypass detection, but which can be mitigated by adversarial training (AT). In our study, we do not observe any trade-off between robustness and performance, on the contrary, hardening improves a classifier's detection performance for known and unknown DGAs. We implement all attacks and defenses discussed in this paper as a standalone library, which we make publicly available to facilitate hardening of DGA classifiers: https://gitlab.com/rwth-itsec/robust-dga-detection