Using Generative Adversarial Networks for Domain Generation Algorithm
| Autor: | Chia-Ruei Lee, 李家睿 |
|---|---|
| Rok vydání: | 2018 |
| Druh dokumentu: | 學位論文 ; thesis |
| Popis: | 106 Deep Learning has been widely used in the fields of image classification, video inpainting, dimensionality reduction, etc. Among different structures of deep learning networks, generative adversarial network (GAN) is the promising one to revolutionize the generative models. In particular, GAN, a hybrid structure consisting of a discriminator and generator, can be used to learn the inherent distribution of the input data. After that, the synthetic data sampled from the learned distribution exhibit similar statistics to the input data. In this thesis, we study the use of GAN as Domain Generation Algorithm (DGA) in botnet. By putting ourselves in the botmaster’s shoes, we consider the major challenges in designing a stealthy and robust botnet, such that the developed botnets over the GAN-based DGA could overcome the common weaknesses. More specifically, DGA is widely used in botnets to achieve stealthy communications between botmaster and bots. However, machine learning (ML)-based approaches have been developed to capture the difference between DGA-generated communication pattern and normal traffic pattern, so as to identify botnet communications. Thus, we study how to mimic the normal traffic pattern by taking advantage of GAN-based DGA. We used four GANs, including WGAN-GP, SeqGAN, RNN.WGAN and RNN.WGAN via Fisher GAN to conduct experiments. We found that under the DGA detection engine, Cymon, more than 20%–65% of DGA-generated traffic from our developed GAN-based DGA can escape the detection of Cymon, compared with the DGA-generated traffic from Cryptolocker and Ramnit. |
| Databáze: | Networked Digital Library of Theses & Dissertations |
| Externí odkaz: |
|