TITAN DGA: A KL-Divergence-Optimized GAN with a Transformer-Based Autoencoder for Malicious Domain Generation

  • Rafael C. Pregardier UFSM
  • Luiz A. C. Bianchi Jr. UFSM
  • Alfredo Cossetin Neto UFSM
  • Vinicius Fulber-Garcia UFPR
  • Luis A. L. Silva UFSM
  • Carlos R. P. dos Santos UFSM

Abstract

Conventional DGAs use fixed pseudorandom seeds, whereas adversarial DGAs adapt, absorbing lexical and statistical traits of benign domains. We present TITAN DGA, an adversarial GAN that combines a transformer autoencoder with Kullback–Leibler divergence to stabilize training. We tokenize benign domains with SentencePiece and use a transformer encoder–decoder to model character dependencies, aligning latent distributions via KL to generate realistic samples. In evaluations against the FANCI, LSTM.MI and Bilbo classifiers, and in comparison with CDGA, CharBot, Deception DGA, DeepDGA and MaskDGA, TITAN DGA achieved superior evasion performance.

Published
01/09/2025
PREGARDIER, Rafael C.; BIANCHI JR., Luiz A. C.; COSSETIN NETO, Alfredo; FULBER-GARCIA, Vinicius; SILVA, Luis A. L.; SANTOS, Carlos R. P. dos. TITAN DGA: Uma GAN Otimizada por Divergência KL com Autoencoder Baseado em Transformers para Geração de Domínios Maliciosos. In: SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 855-870. DOI: https://doi.org/10.5753/sbseg.2025.11400.
