Hardening DGA Classifiers Using Adversarial Attacks and IVAP
Grumer, Charles Arthur
Domain generation algorithms (DGAs) are utilized by botmasters as a way to connect malware-infected machines with the botmaster's command-and-control center (C&C). Such a connection allows the botmaster to send and receive information between his machine and the infected machines at will, which has strong privacy, financial, and security implications at both an individual level and on a large scale. As such, the ability to identify DGA domains before users' machines have connected to them is of the utmost importance. A multitude of machine learning classifiers have been developed for the detection of DGAs, which are intended to be able to detect a specific DGA after training on domains generated by it. CharBot is an incredibly simple DGA that has been demonstrated to be very effective at fooling state-of-the-art classifiers; therefore, defensive measures must be taken against this specific technique. This thesis consists of two parts: the use of adversarial attacks to harden DGA classifiers against CharBot and the use of Inductive Venn-Abers Predictors (IVAP) to raise classifiers' predictive scores.