IEEE Access (Jan 2024)

AdamW+: Machine Learning Framework to Detect Domain Generation Algorithms for Malware

  • Awais Javed,
  • Imran Rashid,
  • Shahzaib Tahir,
  • Saqib Saeed,
  • Abdullah M. Almuhaideb,
  • Khalid Alissa

DOI
https://doi.org/10.1109/ACCESS.2024.3407546
Journal volume & issue
Vol. 12
pp. 79138 – 79150

Abstract

Advanced Persistent Threats commonly use Domain Generation Algorithms (DGAs) to evade advanced detection methods and establish communication with their command and control servers. To overcome this breach of DNS protocol legitimacy, several DGA detection methods have been proposed. Deep Learning based detection schemes have recently attracted researchers’ interest as a way to solve the problem of DGA malware detection. However, Deep Learning has already achieved optimal results, and the remaining gap is identified as the fine-tuning of Deep Learning model hyper-parameters. The proposed solution focuses on a model-specific hyper-parameter known as the gradient optimizer. Gradient optimizers are broadly categorized into Stochastic Gradient and Adaptive Moment based Gradient approaches. Moment-based gradient optimizer approaches are identified as suffering from weight decay and leading to poor generalization. Adaptive Moment (Adam) has been improved with weight decay as AdamW. To optimize moment-based gradient optimizers, Adam and AdamW are analyzed deeply. To optimize the functioning of AdamW, we present AdamW+, a novel solution for detecting DGA algorithms through re-implementing and nullifying the weight decay in AdamW. AdamW+ has been successfully implemented and has shown promising results compared to the Adam and AdamW optimizers in practice. AdamW+ preserves the properties of the adaptive optimizer Adam while simplifying the weight decay implementation of AdamW. Empirical analysis has proved that AdamW+ has outperformed Adam and AdamW. The experimental results have substantiated that the proposed algorithm achieves the best accuracy.

Keywords