Dataset Open Access
HYDRA dataset
Fran Casino;
Nikolaos Lykousas;
Ivan Homoliak;
Constantinos Patsakis;
Julio Hernandez-Castro
This repository contains a large dataset for the research of domain generation algorithms (DGAs) and machine learning. At the time of writing the dataset contains more than 90m of domains and more than 100 families.
The dataset consists of SLDs from DGAs and their extracted features. The main sources for the DGAs are the following:
- DGArchive
- The DGA feed from Network Security Research Lab at 360
- The OSINT feeds for DGA from Bambenek Consulting
When the samples were sparse, we used the reversed code to create new ones.
Moreover, it has SLDs from three adversarial DGAs (referred to deception, deception2 and khaos) DGAs and SLDs from the top 1m Alexa domains.
Features by the order they appear in the dataset
- Family: DGA Family
- SLD: SLD of the domain
- L-HEX: The domain name is represented with hexadecimal characters
- L-LEN: The length of Dom
- L-DIG: The number of digits in Dom
- L-DOT: The number of dots in the raw domain
- L-CON-MAX: The maximum number of consecutive consonants Dom
- L-VOW-MAX: The maximum number of consecutive vowels Dom
- L-W2: Number of words with more than 2 characters in Dom
- L-W3: Number of words with more than 3 characters in Dom
- R-CON-VOW: Ratio of consonants and vowels ofDom
- R-Dom-3G: Ratio of benign grams in Dom-3G
- R-Dom-4G: Ratio of benign grams in Dom-4G
- R-Dom-5G: Ratio of benign grams in Dom-5G
- R-VOW-3G: Ratio of grams that contain a vowel in Dom-3G
- R-VOW-4G: Ratio of grams that contain a vowel in Dom-4G
- R-VOW-5G: Ratio of grams that contain a vowel in Dom-5G
- R-WS-LEN: Dom-WS divided by L-LEN
- R-WD-LEN: Dom-WD divided by L-LEN
- R-WDS-LEN: Dom-WDS divided by L-LEN
- R-W2-LEN: Dom-W2 divided by L-LEN
- R-W2-LEN-D: Dom-W2 divided by Dom-D
- R-W3-LEN: Dom-W3 divided by L-LEN
- R-W3-LEN-D: Dom-W3 divided by Dom-D
- GIB-1-Dom: Gibberish detector 1 applied to Dom
- GIB-1-Dom-WS: Gibberish detector 1 applied to Dom-WS
- GIB-1-Dom-D: Gibberish detector 1 applied to Dom-D
- GIB-1-Dom-WDS: Gibberish detector 1 applied to Dom-WDS
- GIB-1-Dom-W2: Gibberish detector 1 applied to Dom-W2
- GIB-1-Dom-W3: Gibberish detector 1 applied to Dom-W3
- GIB-2-Dom: Gibberish detector 2 applied to Dom
- GIB-2-Dom-WS: Gibberish detector 2 applied to Dom-WS
- GIB-2-Dom-D: Gibberish detector 2 applied to Dom-D
- GIB-2-Dom-WDS: Gibberish detector 2 applied to Dom-WDS
- GIB-2-Dom-W2: Gibberish detector 2 applied to Dom-W2
- GIB-2-Dom-W3: Gibberish detector 2 applied to Dom-W3
- E-Dom: Entropy ofDom
- E-Dom-WS: Entropy of Dom-WS
- E-Dom-D: Entropy of Dom-D
- E-Dom-WDS: Entropy of Dom-WDS
- E-Dom-W2: Entropy of Dom-W2
- E-Dom-W3: Entropy of Dom-W3
| Name | Size | |
|---|---|---|
|
dataset.7z
md5:27fbeca237b60fae65134f31025cd486 |
2.7 GB | Download |
Plohmann, Daniel, et al. "A comprehensive measurement study of domain generating malware." 25th USENIX Security Symposium (USENIX Security 16). 2016.
X. Yun, J. Huang, Y. Wang, T. Zang, Y. Zhou, and Y. Zhang, "Khaos: An adversarial neural network dga with high anti-detection ability", IEEE Transactions on Information Forensics and Security, vol. 15, pp.2225–2240, 2020.
Spooren, Jan, et al. "Detection of algorithmically generated domain names used by botnets: a dual arms race." Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing. 2019.
| All versions | This version | |
|---|---|---|
| Views | 632 | 632 |
| Downloads | 170 | 170 |
| Data volume | 458.9 GB | 458.9 GB |
| Unique views | 564 | 564 |
| Unique downloads | 107 | 107 |
- Publication date:
- July 29, 2020
- DOI:
-
- Keyword(s):
- Domain generation algorithms DGA
- Grants:
-
European Commission:
-
LOCARD - Lawful evidence collecting and continuity platform development (832735)
-
YAKSHA - Cybersecurity Awareness and Knowledge Systemic High-level Application (780498)
- CyberSec4Europe - Cyber Security Network of Competence Centres for Europe (830929)
-
LOCARD - Lawful evidence collecting and continuity platform development (832735)
- License (for files):
- Creative Commons Attribution 4.0 International