Detecting DGA Botnet based on Behaviour Analysis
This repo contains the label, summary and datasets for classifying domains as DGA or benign. The dataset demonstrates the results of our paper, "Detecting DGA Botnet based on Behaviour Analysis".

In this paper, we propose and develop a DGA botnet detection method that combines a Long Short-Term Memory (LSTM) network with network traffic analysis. We also propose a set of rules that can be used for detecting various DGA malware behaviors. Our method recognizes even hard-to-detect dictionary DGAs such as suppobox and matsnu, while providing an F1-score of 0.9888.
By following the instructions, you can reimplement our method. We also provide some datasets: https://husteduvn-my.sharepoint.com/:f:/g/personal/bkcs_hust_edu_vn/ElPvODL7BnZAtl8NLe8njBgBQpwL7iS0p8VjXtympkWZvw?e=mM2Cmi