RAMPAGE

A software framework to ensure reproducibility in algorithmically generated domains detection

Journal Article (2025)
Author(s)

Tomás Pelayo-Benedet (Universidad de Zaragoza)

Ricardo J. Rodríguez (Universidad de Zaragoza)

C. Hernandez Ganan (TU Delft - Organisation & Governance)

Research Group
Organisation & Governance
DOI related publication
https://doi.org/10.1016/j.eswa.2025.128629
Publication Year
2025
Language
English
Volume number
293
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

As part of its life cycle, malware can establish communication with its command and control server. To bypass static protection techniques, such as blocking certain IPs in firewalls or DNS server deny lists, malware can use algorithmically generated domains (AGD). Many different solutions based on deep learning have been proposed in recent years to detect this type of domain. However, it is difficult to compare the proposed models because there is no common framework that allows experiments to be replicated under the same conditions. Each previous work reports its evaluation results, but under different experimental conditions and even with different datasets. In this paper, we address this gap by proposing a software framework, dubbed Rampage (fRAMework to comPAre aGd dEtectors), focused on training and comparing machine learning models for AGD detection. Furthermore, we propose a new model that uses logistic regression and, using Rampage to obtain a fair comparison with different state-of-the-art models, achieves slightly better results than those obtained so far. In addition, the dataset built from real-world samples for evaluation and the source code of Rampage are publicly released to facilitate their use and promote experimental reproducibility in this research field.