First Step Towards EXPLAINable DGA Multiclass Classification
- URL: http://arxiv.org/abs/2106.12336v1
- Date: Wed, 23 Jun 2021 12:05:13 GMT
- Title: First Step Towards EXPLAINable DGA Multiclass Classification
- Authors: Arthur Drichel, Nils Faerber, Ulrike Meyer
- Abstract summary: Malware families rely on domain generation algorithms (DGAs) to establish a connection to their command and control (C2) server.
In this paper, we propose EXPLAIN, a feature-based and contextless DGA multiclass classifier.
- Score: 0.6767885381740952
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Numerous malware families rely on domain generation algorithms (DGAs) to
establish a connection to their command and control (C2) server. Counteracting
DGAs, several machine learning classifiers have been proposed enabling the
identification of the DGA that generated a specific domain name and thus
triggering targeted remediation measures. However, the proposed
state-of-the-art classifiers are based on deep learning models. The black box
nature of these makes it difficult to evaluate their reasoning. The resulting
lack of confidence makes the utilization of such models impracticable. In this
paper, we propose EXPLAIN, a feature-based and contextless DGA multiclass
classifier. We comparatively evaluate several combinations of feature sets and
hyperparameters for our approach against several state-of-the-art classifiers
in a unified setting on the same real-world data. Our classifier achieves
competitive results, is real-time capable, and its predictions are easier to
trace back to features than the predictions made by the DGA multiclass
classifiers proposed in related work.
Related papers
- Generative Multi-modal Models are Good Class-Incremental Learners [51.5648732517187]
We propose a novel generative multi-modal model (GMM) framework for class-incremental learning.
Our approach directly generates labels for images using an adapted generative model.
Under the Few-shot CIL setting, we have improved by at least 14% accuracy over all the current state-of-the-art methods with significantly less forgetting.
arXiv Detail & Related papers (2024-03-27T09:21:07Z) - Toward Multi-class Anomaly Detection: Exploring Class-aware Unified Model against Inter-class Interference [67.36605226797887]
We introduce a Multi-class Implicit Neural representation Transformer for unified Anomaly Detection (MINT-AD)
By learning the multi-class distributions, the model generates class-aware query embeddings for the transformer decoder.
MINT-AD can project category and position information into a feature embedding space, further supervised by classification and prior probability loss functions.
arXiv Detail & Related papers (2024-03-21T08:08:31Z) - Parametric Classification for Generalized Category Discovery: A Baseline
Study [70.73212959385387]
Generalized Category Discovery (GCD) aims to discover novel categories in unlabelled datasets using knowledge learned from labelled samples.
We investigate the failure of parametric classifiers, verify the effectiveness of previous design choices when high-quality supervision is available, and identify unreliable pseudo-labels as a key problem.
We propose a simple yet effective parametric classification method that benefits from entropy regularisation, achieves state-of-the-art performance on multiple GCD benchmarks and shows strong robustness to unknown class numbers.
arXiv Detail & Related papers (2022-11-21T18:47:11Z) - Detecting Unknown DGAs without Context Information [3.8424737607413153]
New malware often incorporates Domain Generation Algorithms (DGAs) to avoid blocking the malware's connection to the command and control (C2) server.
Current state-of-the-art classifiers are able to separate benign from malicious domains (binary classification) and attribute them with high probability to the DGAs that generated them (multiclass classification)
While binary classifiers can label domains of yet unknown DGAs as malicious, multiclass classifiers can only assign domains to DGAs that are known at the time of training, limiting the ability to uncover new malware families.
arXiv Detail & Related papers (2022-05-30T09:08:50Z) - Learning-From-Disagreement: A Model Comparison and Visual Analytics
Framework [21.055845469999532]
We propose a learning-from-disagreement framework to visually compare two classification models.
Specifically, we train a discriminator to learn from the disagreed instances.
We interpret the trained discriminator with the SHAP values of different meta-features.
arXiv Detail & Related papers (2022-01-19T20:15:35Z) - Few-Shot Named Entity Recognition: A Comprehensive Study [92.40991050806544]
We investigate three schemes to improve the model generalization ability for few-shot settings.
We perform empirical comparisons on 10 public NER datasets with various proportions of labeled data.
We create new state-of-the-art results on both few-shot and training-free settings.
arXiv Detail & Related papers (2020-12-29T23:43:16Z) - Learning and Evaluating Representations for Deep One-class
Classification [59.095144932794646]
We present a two-stage framework for deep one-class classification.
We first learn self-supervised representations from one-class data, and then build one-class classifiers on learned representations.
In experiments, we demonstrate state-of-the-art performance on visual domain one-class classification benchmarks.
arXiv Detail & Related papers (2020-11-04T23:33:41Z) - Making Use of NXt to Nothing: The Effect of Class Imbalances on DGA
Detection Classifiers [3.0969191504482243]
It is unclear whether the inclusion of DGAs for which only a few samples are known to the training sets is beneficial or harmful to the overall performance of the classifiers.
In this paper, we perform a comprehensive analysis of various contextless DGA classifiers, which reveals the high value of a few training samples per class for both classification tasks.
arXiv Detail & Related papers (2020-07-01T07:51:12Z) - Analyzing the Real-World Applicability of DGA Classifiers [3.0969191504482243]
We propose a novel classifier for separating benign domains from domains generated by DGAs.
We evaluate their classification performance and compare them with respect to explainability, robustness, and training and classification speed.
Our newly proposed binary classifier generalizes well to other networks, is time-robust, and able to identify previously unknown DGAs.
arXiv Detail & Related papers (2020-06-19T12:34:05Z) - Diversity-Aware Weighted Majority Vote Classifier for Imbalanced Data [1.2944868613449219]
We propose a diversity-aware ensemble learning based algorithm, DAMVI, to deal with imbalanced binary classification tasks.
We show efficiency of the proposed approach with respect to state-of-art models on predictive maintenance task, credit card fraud detection, webpage classification and medical applications.
arXiv Detail & Related papers (2020-04-16T11:27:50Z) - Fine-Grained Visual Classification via Progressive Multi-Granularity
Training of Jigsaw Patches [67.51747235117]
Fine-grained visual classification (FGVC) is much more challenging than traditional classification tasks.
Recent works mainly tackle this problem by focusing on how to locate the most discriminative parts.
We propose a novel framework for fine-grained visual classification to tackle these problems.
arXiv Detail & Related papers (2020-03-08T19:27:30Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.