Ms. Irina Chiscop Profile

Irina Chiscop

SPIE Involvement:

Author

Publications (1)

This will count as one of your downloads.

You will have access to both the presentation and article (if available).

DOWNLOAD NOW

This content is available for download via your institution's subscription. To access this item, please sign in to your personal account.

Email or Username Forgot your username?

Password Forgot your password?

Show

Keep me signed in

No SPIE account? Create an account

Proceedings Article | 7 June 2024 Poster + Paper

Evading deep learning-based DGA detectors: current problems and solutions

Puck de Haan, Irina Chiscop, Bram Poppink, Yori Kamphuis

Proceedings Volume 13051, 130511H (2024) https://doi.org/10.1117/12.3012997

KEYWORDS: Data modeling, Adversarial training, Statistical modeling, Deep learning, Performance modeling, Error analysis, Target detection

Read Abstract +

As a result of the increased use of machine learning (ML) applications in current society, and multi-domain operations in the foreseeable future, there is a surge in adversarial machine learning (AML). One of the domains where AML can prove to be a critical problem is cyber security; the use of AI in security software creates new attack vectors for adversaries. One example of such an attack vector is the use of adversarial domain generation algorithms (DGAs). These adversarial DGAs claim to generate malicious domains that successfully evade deep learning-based DGA detectors. We test two state-of-the-art DGA detectors that make use of deep learning: DGA Detective¹ and B-ResNet,² against four different adversarial DGAs. The tested DGAs all use different adversarial techniques and provide a fitting reflection of the types of DGAs present in literature. Additionally, they can be implemented by adversaries with basic programming and AI knowledge. We find that both DGA detectors reach near-perfect performance on real malware domains, but see a dramatic decline in performance on adversarially generated domains. To counteract the adversarial DGAs, we test two methods to improve adversarial robustness of the detectors: adversarial training and residual loss. Adversarial training results in a ~12%-20% average increase in accuracy on a data set comprised of benign domains, existing malware domains and adversarially generated domains, for both detectors. The residual loss improves average detection accuracy on the same data set with ~4% for DGA Detective, but makes for a ~5% decline in average accuracy for B-ResNet.

My Library

You currently do not have any folders to save your paper to! Create a new folder below.

Folder Name

Folder Description

View contact details

UPDATE YOUR PROFILE

Is this your profile? Update it now.

Sign into your SPIE.org account

Don’t have a profile and want one?

Create an account on SPIE.org

Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks. You are receiving this notice because your organization may not have SPIE eBooks access.*

*Shibboleth/Open Athens users─please sign in to access your institution's subscriptions.

To obtain this item, you may purchase the complete book in print or electronic format on SPIE.org.

ORGANIZATIONAL
Sign in with credentials provided by your organization.

Organizational Username

Organizational Password

Show/Hide Password

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members:

Non-members: ADD TO CART

Keywords/Phrases

Search In:

Publication Years