DGA Malware Deep Learning Detection and its Optimization with Novel Activation Function

Authors

  • Muhammed Awais Javed Department of Information Security, National University of Science and Technology, Islamabad, Pakistan.
  • Imran Rashid Department of Information Security, National University of Science and Technology, Islamabad, Pakistan.
  • Adnan Rashdi Department of Information Security, National University of Science and Technology, Islamabad, Pakistan.

Keywords:

DGA Detection, Deep Learning, LSTM, Activation Functions, Zash Activation Function

Abstract

APTs are mutually coupled with the Cyber Kill Chain (CKC) and its specified phase of malicious command and control (C2) servers. These C2 servers maintain communication through malicious domains, using specially crafted malware known as Domain Generating Algorithm (DGA) malware. DGA malware comes in different compositions and complexities, associated with various APTs as well as DGA families. DGA detection has been achieved using different Machine Learning (ML) models, and has recently been further improved with Deep Learning (DL) models. These trained DL models have solved DGA detection using text classification, successfully distinguishing legitimate domains from malicious domains. The detection performance of DL models is further optimized by tuning key DL functions; one such key function is the Activation Function (AF). An AF primarily provides the property of non-linearity, which is very effective in mapping and solving real-world problems. AFs recently reported in the literature are identified, based on their superior performance in text classification, and analysed in these optimal DL models. Because Long Short-Term Memory (LSTM) and Attention models have been successful in text classification, LSTM with Attention is implemented for deeper analysis of these reported AFs. In this research paper, the DGA detection DL models have been simulated with the default AFs, and the performance of the proposed AF has been tested against the default AFs. The proposed AF, Zash, outperformed the ReLU, Hyperbolic Tangent (Tanh) and Swish AFs in terms of their polynomial properties. Sparse activations, a core property of ReLU, may miss some significant weight updates in comparison to the dense activations of the exponential, fixed-shape Tanh and Swish AFs. Results have shown that the proposed Zash AF has overcome the sparse activations of ReLU and has achieved proficient results in dense activations over the Tanh and Swish AFs. This novel AF has shown better detection results in training and validation for text-based character classification using dense activations.

Published

2023-03-29

How to Cite

Muhammed Awais Javed, Imran Rashid, & Adnan Rashdi. (2023). DGA Malware Deep Learning Detection and its Optimization with Novel Activation Function. Journal of Computing & Biomedical Informatics, 4(02), 285–297. Retrieved from https://jcbi.org/index.php/Main/article/view/234