We use cookies to improve your experience on our site.
AVID-2023-V002
Description
Botnet Domain Generation Algorithm (DGA) Detection Evasion
Details
The Palo Alto Networks Security AI research team was able to bypass a Convolutional Neural Network based botnet Domain Generation Algorithm (DGA) detector using a generic domain name mutation technique. It is a generic domain mutation technique which can evade most ML-based DGA detection modules. The generic mutation technique evades most ML-based DGA detection modules DGA and can be used to test the effectiveness and robustness of all DGA detection methods developed by security companies in the industry before they is deployed to the production environment.
References
- Botnet Domain Generation Algorithm (DGA) Detection Evasion
- Yu, Bin, Jie Pan, Jiaming Hu, Anderson Nascimento, and Martine De Cock. “Character level based detection of DGA domain names.” In 2018 International Joint Conference on Neural Networks (IJCNN), pp. 1-8. IEEE, 2018.
- Degas source code
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0403: Adversarial Example
- Lifecycle stages: L06: Deployment
Affected or Relevant Artifacts
- Developer:
- Deployer: Palo Alto Networks ML-based DGA detection module
- Artifact Details:
Type Name System Palo Alto Networks ML-based DGA detection module
Other information
- Vulnerability Class: ATLAS Case Study
- Date Published: 2023-03-31
- Date Last Modified: 2023-03-31
- Version: 0.2
- AVID Entry