Malicious Domain Name Recognition Based on Deep Neural Networks

  • Xiaodan Yan
  • Baojiang Cui
  • Jianbin LiEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11342)


Malware steals private information by randomly generating a large number of malicious domain names every day using domain generation algorithms (DGAs), which pose a great threat to our daily Internet activity. To improve recognition accuracy for these malicious domain names, this paper proposes a malicious domain name detection algorithm based on deep neural networks to capture the characteristics of malicious domain names. The resulting model is called a Discriminator based on Hierarchical Bidirectional Recurrent Neural Networks (D-HBiRNN).


Security Domain name Neural networks BiRNN LSTM 


  1. 1.
    Hoque, N., Bhattacharyya, D.K., Kalita, J.K.: Botnet in DDoS attacks: trends and challenges. IEEE Commun. Surv. Tutor. 17(4), 2242–2270 (2015)CrossRefGoogle Scholar
  2. 2.
    Rossow, C.: Amplification hell: revisiting network protocols for DDoS abuse. In: Proceedings 2014 Network and Distributed System Security Symposium. Internet Society, Reston, VA (2014).
  3. 3.
    Thatte, G., Mitra, U., Heidemann, J.: Parametric methods for anomaly detection in aggregate traffic. IEEE/ACM Trans. Netw. 19(2), 512–525 (2011)CrossRefGoogle Scholar
  4. 4.
    Graves, A.: Supervised Sequence Labelling with Recurrent Neural Networks, vol. 385. Springer, Berlin (2012). Scholar
  5. 5.
    Duffield, N., Haffner, P., Krishnamurthy, B., et al.: Rule-based anomaly detection on IP flows. In: INFOCOM, pp. 424–432. IEEE (2009)Google Scholar
  6. 6.
    Chen, T., Xu, S., Zhang, C.: Risk assessment method for network security based on intrusion detection system. Comput. Sci. 37(9), 94–96 (2010)Google Scholar
  7. 7.
    Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. In: International Conference on Neural Information Processing Systems, pp. 1097–1105. Curran Associates Inc. (2012)Google Scholar
  8. 8.
    He, K., Zhang, X., Ren, S., et al.: Deep residual learning for image recognition. In: Computer Vision and Pattern Recognition, pp. 770–778. IEEE (2016)Google Scholar
  9. 9.
    Schuster, M., Paliwal, K.K.: Bidirectional recurrent neural networks. IEEE Trans. Signal Process 45(11), 2673–2681 (1997)CrossRefGoogle Scholar
  10. 10.
    Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)CrossRefGoogle Scholar
  11. 11.
    Netlab 360 Homepage. Accessed 21 Sept 2018
  12. 12.
    Haddadi, F., Kayacik, H.G., Zincir-Heywood, A.N., Heywood, M.I.: Malicious automatically generated domain name detection using stateful-SBB. In: Esparcia-Alcázar, A.I. (ed.) EvoApplications 2013. LNCS, vol. 7835, pp. 529–539. Springer, Heidelberg (2013). Scholar
  13. 13.
    Xiong, C., Li, P., Zhang, P., Liu, Q., Tan, J.: MIRD: trigram-based Malicious URL detection Implanted with Random Domain name recognition. In: Niu, W., et al. (eds.) ATIS 2015. CCIS, vol. 557, pp. 303–314. Springer, Heidelberg (2015). Scholar
  14. 14.
    Jamdagni, A., Jamdagni, A., He, X., et al.: A system for denial-of-service attack detection based on multivariate correlation analysis. IEEE Trans. Parallel Distrib. Syst. 25(2), 447–456 (2014)CrossRefGoogle Scholar
  15. 15.
    Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18(2), 1153–1176 (2017)CrossRefGoogle Scholar
  16. 16.
    Thomas, K., Grier, C., Ma, J., et al.: Design and evaluation of a real-time URL spam filtering service. In: Security and Privacy, pp. 447–462. IEEE (2011)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Beijing University of Posts and TelecommunicationsBeijingChina
  2. 2.North China Electric Power UniversityBeijingChina

Personalised recommendations