Reverse Method for DGA Based on Generative BiLSTM Model

Reverse Method for DGA Based on Generative BiLSTM Model

연구 분야: Analysis

학회: International Conference on Cyberspace Simulation and Evaluation

DGA (Domain Generation Algorithm) is a technique used to generate a large number of domain names, widely utilized for malware communication. Traditional methods for intercepting DGA domains involve using machine learning to detect whether a domain belongs to DGA, which not only demands high computational resources but also suffers from interception latency. This paper proposes a Reverse Method for DGA based on a Generative BiLSTM Model. This method uses the BiLSTM model to learn the patterns of DGA domain sequences of a particular type, thereby reversing the DGA to preemptively generate a blacklist of domains for that type of DGA. This improves the timeliness and accuracy of domain interception. Experimental results show that the model can effectively reverse multiple types of DGA and generate subsequent DGA domains that might be produced by these algorithms.