28-29 September 2020
UTC timezone

Neural Networks and Challenges in Detection of Malicious DNS Traffic and DGA malware

29 Sep 2020, 13:30
Standard Presentation Online Workshop OARC 33 Day 2


Mr Robert Sefr


Deep learning brings a lot of new possibilities in the detection of previously unknown attacks. However, it could be tricky because of false positives.

We introduce how to get the benefit for your network from the research we performed with the Czech Technical University in Prague [Catania C., García S., Torres P. (2019)] to develop a new approach to identify devices infected by DGA malware. Concurrently, this speech will explain what impact has DGA malware on networks and how to reduce it.

A Domain Generation Algorithm (DGA) is an algorithm to generate domain names in a deterministic but seemly random way. Malware use DGAs to generate the next domain to access the Command Control (C&C) communication server. Given the simplicity of the generation process and speed at which the domains are generated, a fast and accurate detection method is required. Convolutional neural networks (CNN) are well known for performing real-time detection in fields like image and video recognition. Therefore, they seemed suitable for DGA detection.

The resulting CNN model that we implemented, has very simple architecture that can in initial testing detected more than 97% of total DGA domains with a false positive rate close to 0.7%.

References: Catania C., García S., Torres P. (2019) Deep Convolutional Neural Networks for DGA Detection. In: Pesado P., Aciti C. (eds) Computer Science – CACIC 2018. CACIC 2018. Communications in Computer and Information Science, vol 995. Springer, Cham; available at https://link.springer.com/chapter/10.1007%2F978-3-030-20787-8_23

Talk Duration 20 minutes
Your consent for us to publish your name and<br />affiliation as a Speaker on the OARConline 33 website Yes

Primary author

Mr Robert Sefr


Dr Sebastian Garcia Dr Carlos Catania

Presentation Materials