DGA domain name detection model based on multiscale feature

Massive botnet attacks pose a serious threat to social stability and network security. To avoid security interception, botnets mainly use Domain Generation Algorithm (DGA) to dynamically generate a large number of malicious domain names to establish communication. Therefore, it is important to study how to detect DGA domain names more effectively, and this paper proposes a method to detect DGA domain names based on multi-scale features. In the domain name feature extraction phase, extracting domain name combination features on a multi-scale convolutional neural network (CNN) based on a compressed activation model. Simultaneously combined with bi-directional gated recurrent unit (BiGRU) to extract domain name sequence features and build hybrid deep learning models to achieve the detection of DGA domain names based on lexical combination generation. The experimental results show that the method improves the F-Score evaluation metric by 7.25% in the binary classification task compared to the CNN-only model, and also has higher detection precision for lexicon-based domain names like suppobox.