A DGA Domain Name Detection Method Based on Two-Stage Feature Reinforcement

The domain name features used in the existing domain name detection methods about domain generation algorithm (DGA) are generally easy to evade, which results in some common DGA domain name detection methods failing to effectively detect the DGA domain name. To solve the issues, we propose a DGA domain name detection method based on two-stage feature reinforcement. Firstly, we encode the domain name to obtain the domain name word vector. Secondly, the slice pyramid network (SPN) is used to process the word vector to extract the domain name feature. Thirdly, we reinforce the domain name feature by using the two-stage reinforcement method we proposed. The two-stage reinforcement method reinforces the domain name feature by adding domain name semantic information to the extracted features and reducing feature information redundancy to improve the stability of the domain name feature, meanwhile, we convert the reinforced domain name feature to the primary capsules to reduce feature loss. Finally, we use the dynamic routing algorithm to process the primary capsules to generate digital capsules, and then the digital capsules are used to detect domain names. Experimental results on domain name detection and domain name family classification both show that compared with the state-of-the-art methods, our method has better detection performances.