CGFMD: CNN and GRU Based Framework for Malicious Domain Name Detection

With the rapid development of Internet technology, the Internet has penetrated into all aspects of people’s life. Botnet and malware are important issues facing network security. These malicious services often use Domain Generation Algorithm (DGA) to avoid security detection. DGA detection is one of the key technologies of malicious C & C communication detection. The identification of malicious domain names generated by DGA has always been an important topic to maintain network security. At present, there are some problems in the identification of malicious domain names, such as single identification method, low accuracy and low identification efficiency. We propose a malicious domain name detection model CGFMD based on CNN-GRU. It combines word vector mapping with convolution neural network to automatically extract the potential features of malicious domain names. At the same time, GRU network is added to the model to solve the long-term dependence problem. The experimental results show that CGFMD algorithm has higher detection accuracy and lower false positive rate than traditional methods. It saves cumbersome manual feature extraction, and can recognize DGA domain names efficiently.