Domain generation algorithms (DGAs) are used by botnets to build a stealthy command and control (C&C) communication channel between the C&C server and the bots. A DGA can periodically produce a large number of pseudo-random algorithmically generated domains (AGDs). AGD detection algorithms provide a lightweight, promising response to existing DGA techniques. In this paper, a GCNN (gated convolutional neural network)-LSTM (long short-term memory) Hybrid Neural Network (GLHNN) for AGD detection is proposed. In GLHNN, the GCNN extracts informative features from domain names, and the LSTM further processes the resulting feature sequence. GLHNN is experimentally validated using representative AGDs covering six classes of DGAs. Compared with state-of-the-art detection models, GLHNN demonstrates the best overall detection performance among the tested models.
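The data flow described in the abstract (domain characters, then a gated convolution, then an LSTM, then a score) can be traced with the following added sketch, which is not the paper's implementation. The alphabet, layer sizes, the GLU-style gate (linear convolution multiplied by a sigmoid-gated convolution), the omission of biases and the random untrained weights are all assumptions, so the scores only become meaningful after training on labelled benign and AGD domains.

```python
import math
import random

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-._"   # assumed character set
EMB, FILTERS, KERNEL, HIDDEN = 8, 6, 3, 5               # assumed sizes, not from the paper

def mat(rows, cols, rng):
    return [[rng.uniform(-0.5, 0.5) for _ in range(cols)] for _ in range(rows)]

def matvec(m, v):
    return [sum(w * x for w, x in zip(row, v)) for row in m]

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

class GatedConvLSTM:
    """Untrained GCNN -> LSTM scorer with random weights (biases omitted)."""
    def __init__(self, seed=0):
        rng = random.Random(seed)
        self.emb = mat(len(ALPHABET) + 1, EMB, rng)      # last row = unknown character
        self.w_lin = mat(FILTERS, KERNEL * EMB, rng)     # linear convolution path
        self.w_gate = mat(FILTERS, KERNEL * EMB, rng)    # gate convolution path
        self.w_lstm = mat(4 * HIDDEN, FILTERS + HIDDEN, rng)
        self.w_out = mat(1, HIDDEN, rng)

    def embed(self, domain):
        # str.find returns -1 for characters outside ALPHABET, selecting the last row
        return [self.emb[ALPHABET.find(ch)] for ch in domain.lower()]

    def gated_conv(self, seq):
        seq = [[0.0] * EMB] * (KERNEL - 1) + seq         # left-pad: one output per character
        out = []
        for t in range(len(seq) - KERNEL + 1):
            window = [x for vec in seq[t:t + KERNEL] for x in vec]
            lin, gate = matvec(self.w_lin, window), matvec(self.w_gate, window)
            out.append([a * sigmoid(g) for a, g in zip(lin, gate)])  # gate scales each feature
        return out

    def lstm(self, feats):
        h, c = [0.0] * HIDDEN, [0.0] * HIDDEN
        for x in feats:
            z = matvec(self.w_lstm, x + h)
            i, f, o, g = (z[k * HIDDEN:(k + 1) * HIDDEN] for k in range(4))
            c = [sigmoid(fk) * ck + sigmoid(ik) * math.tanh(gk)
                 for fk, ck, ik, gk in zip(f, c, i, g)]
            h = [sigmoid(ok) * math.tanh(ck) for ok, ck in zip(o, c)]
        return h                                         # final hidden state

    def score(self, domain):
        h = self.lstm(self.gated_conv(self.embed(domain)))
        return sigmoid(matvec(self.w_out, h)[0])         # probability-like AGD score
```
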