---
library_name: keras
license: bsd
datasets:
- harpomaxx/dga-detection
---
## Model description
A Domain Generation Algorithm (DGA) lexicographical detector using a 1D-CNN, as described in the article [*Deep Convolutional Neural Networks for DGA Detection* (Catania et al., 2018)](https://link.springer.com/chapter/10.1007/978-3-030-20787-8_23).

The rest of the source code is available at [GitHub](https://github.com/harpomaxx/deepseq).
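A minimal usage sketch is shown below. The repository id, the character-level integer encoding, and the maximum domain length of 45 are illustrative assumptions only; the exact preprocessing used for training lives in the GitHub repository linked above.

```python
# A minimal usage sketch. The repo id, the character-level encoding, and the
# maximum sequence length (45) are assumptions for illustration; see the
# GitHub repository for the exact preprocessing used in the paper.
from huggingface_hub import from_pretrained_keras
import numpy as np

model = from_pretrained_keras("harpomaxx/dga-detector")  # hypothetical repo id

def encode(domain: str, maxlen: int = 45) -> np.ndarray:
    """Map each character to an integer id and left-pad to a fixed length."""
    ids = [ord(c) % 128 for c in domain.lower()][:maxlen]  # assumed encoding
    return np.array([[0] * (maxlen - len(ids)) + ids])

score = model.predict(encode("kq3v9z7xj1.com"))
print(f"DGA probability: {float(score[0][0]):.3f}")
```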
## Intended uses & limitations
Use it wisely...
## Training and evaluation data
The DGA detection method was trained and evaluated on a dataset containing both DGA and normal domain names.
The normal domain names were taken from the Alexa top one million list. An additional 3,161 normal domains from the Bambenek Consulting feed were included; this latter group is particularly interesting since it consists of suspicious domain names that were nevertheless not generated by a DGA. The total number of normal domains in the dataset is therefore 1,003,161. DGA domains were obtained from the DGA repositories of [Andrey Abakumov](https://github.com/andrewaeva/DGA) and [John Bambenek](http://osint.bambenekconsulting.com/feeds/). The total number of DGA domains is 1,915,335, corresponding to 51 different malware families.
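The combined data is published as the `harpomaxx/dga-detection` dataset referenced in this card's metadata. A sketch of inspecting it with the `datasets` library follows; the split and column names (`domain`, `label`) are assumptions, so check the dataset card for the actual schema.

```python
# A sketch of inspecting the training data. The split name and the column
# names ("domain", "label") are assumptions; verify them against
# https://huggingface.co/datasets/harpomaxx/dga-detection
from collections import Counter
from datasets import load_dataset

ds = load_dataset("harpomaxx/dga-detection", split="train")
print(ds)                    # features and number of rows
print(Counter(ds["label"]))  # normal vs. DGA class balance (assumed column)
```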
## Training procedure
A traditional grid search was conducted over a specified subset of hyperparameter combinations on the training set. For a robust estimation, each combination was evaluated using k-fold cross-validation with *k=10* folds. The 1D-CNN was trained with the backpropagation algorithm using the Adaptive Moment Estimation (Adam) optimizer. Training was carried out for 10 epochs, a number chosen to avoid overfitting.
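The sketch below illustrates this procedure: a grid search where each candidate is scored by 10-fold cross-validation of a small 1D-CNN trained for 10 epochs. The candidate grid, vocabulary size, and network topology (embedding, Conv1D, global pooling, dense head) are illustrative assumptions, not the paper's exact architecture.

```python
# Grid search with 10-fold cross-validation, as described above. The grid
# values and the network topology are illustrative assumptions only.
import numpy as np
from sklearn.model_selection import KFold
from tensorflow import keras

def build_model(filters: int, kernel_size: int) -> keras.Model:
    model = keras.Sequential([
        keras.layers.Embedding(input_dim=128, output_dim=32),
        keras.layers.Conv1D(filters, kernel_size, activation="relu"),
        keras.layers.GlobalMaxPooling1D(),
        keras.layers.Dense(1, activation="sigmoid"),
    ])
    model.compile(optimizer="adam", loss="binary_crossentropy",
                  metrics=["accuracy"])
    return model

def grid_search(X: np.ndarray, y: np.ndarray) -> dict:
    grid = [{"filters": f, "kernel_size": k} for f in (64, 128) for k in (3, 5)]
    best, best_score = None, -1.0
    for params in grid:
        fold_scores = []
        for train_idx, val_idx in KFold(n_splits=10, shuffle=True).split(X):
            model = build_model(**params)
            model.fit(X[train_idx], y[train_idx], epochs=10, verbose=0)
            fold_scores.append(model.evaluate(X[val_idx], y[val_idx],
                                              verbose=0)[1])
        if np.mean(fold_scores) > best_score:
            best, best_score = params, float(np.mean(fold_scores))
    return {"params": best, "cv_accuracy": best_score}
```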
### Training hyperparameters
The following hyperparameters were used during training:
| Hyperparameter      | Value   |
|:--------------------|:--------|
| name                | Adam    |
| learning_rate       | 0.001   |
| decay               | 0.0     |
| beta_1              | 0.9     |
| beta_2              | 0.999   |
| epsilon             | 1e-07   |
| amsgrad             | False   |
| training_precision  | float32 |
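These values match Keras' default Adam configuration. A sketch of reconstructing the optimizer from the table; `decay=0.0` corresponds to the default, since recent Keras versions express decay through learning-rate schedules rather than a `decay` argument:

```python
from tensorflow import keras

# Adam configured with the tabled values. decay=0.0 is the default behavior;
# recent Keras versions handle decay via learning-rate schedules instead.
optimizer = keras.optimizers.Adam(
    learning_rate=0.001,
    beta_1=0.9,
    beta_2=0.999,
    epsilon=1e-07,
    amsgrad=False,
)
# model.compile(optimizer=optimizer, loss="binary_crossentropy",
#               metrics=["accuracy"])
```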