Published July 29, 2020
| Version 1.0
Dataset
Open
HYDRA dataset
Creators
- 1. University of Piraeus
- 2. Brno University of Technology
- 3. University of Kent
Description
This repository contains a large dataset for the research of domain generation algorithms (DGAs) and machine learning. At the time of writing the dataset contains more than 90m of domains and more than 100 families.
The dataset consists of SLDs from DGAs and their extracted features. The main sources for the DGAs are the following:
- DGArchive
- The DGA feed from Network Security Research Lab at 360
- The OSINT feeds for DGA from Bambenek Consulting
When the samples were sparse, we used the reversed code to create new ones.
Moreover, it has SLDs from three adversarial DGAs (referred to deception, deception2 and khaos) DGAs and SLDs from the top 1m Alexa domains.
Features by the order they appear in the dataset
- Family: DGA Family
- SLD: SLD of the domain
- L-HEX: The domain name is represented with hexadecimal characters
- L-LEN: The length of Dom
- L-DIG: The number of digits in Dom
- L-DOT: The number of dots in the raw domain
- L-CON-MAX: The maximum number of consecutive consonants Dom
- L-VOW-MAX: The maximum number of consecutive vowels Dom
- L-W2: Number of words with more than 2 characters in Dom
- L-W3: Number of words with more than 3 characters in Dom
- R-CON-VOW: Ratio of consonants and vowels ofDom
- R-Dom-3G: Ratio of benign grams in Dom-3G
- R-Dom-4G: Ratio of benign grams in Dom-4G
- R-Dom-5G: Ratio of benign grams in Dom-5G
- R-VOW-3G: Ratio of grams that contain a vowel in Dom-3G
- R-VOW-4G: Ratio of grams that contain a vowel in Dom-4G
- R-VOW-5G: Ratio of grams that contain a vowel in Dom-5G
- R-WS-LEN: Dom-WS divided by L-LEN
- R-WD-LEN: Dom-WD divided by L-LEN
- R-WDS-LEN: Dom-WDS divided by L-LEN
- R-W2-LEN: Dom-W2 divided by L-LEN
- R-W2-LEN-D: Dom-W2 divided by Dom-D
- R-W3-LEN: Dom-W3 divided by L-LEN
- R-W3-LEN-D: Dom-W3 divided by Dom-D
- GIB-1-Dom: Gibberish detector 1 applied to Dom
- GIB-1-Dom-WS: Gibberish detector 1 applied to Dom-WS
- GIB-1-Dom-D: Gibberish detector 1 applied to Dom-D
- GIB-1-Dom-WDS: Gibberish detector 1 applied to Dom-WDS
- GIB-1-Dom-W2: Gibberish detector 1 applied to Dom-W2
- GIB-1-Dom-W3: Gibberish detector 1 applied to Dom-W3
- GIB-2-Dom: Gibberish detector 2 applied to Dom
- GIB-2-Dom-WS: Gibberish detector 2 applied to Dom-WS
- GIB-2-Dom-D: Gibberish detector 2 applied to Dom-D
- GIB-2-Dom-WDS: Gibberish detector 2 applied to Dom-WDS
- GIB-2-Dom-W2: Gibberish detector 2 applied to Dom-W2
- GIB-2-Dom-W3: Gibberish detector 2 applied to Dom-W3
- E-Dom: Entropy ofDom
- E-Dom-WS: Entropy of Dom-WS
- E-Dom-D: Entropy of Dom-D
- E-Dom-WDS: Entropy of Dom-WDS
- E-Dom-W2: Entropy of Dom-W2
- E-Dom-W3: Entropy of Dom-W3
Files
Files
(2.7 GB)
| Name | Size | Download all |
|---|---|---|
|
md5:27fbeca237b60fae65134f31025cd486
|
2.7 GB | Download |
Additional details
Funding
- LOCARD – Lawful evidence collecting and continuity platform development 832735
- European Commission
- YAKSHA – Cybersecurity Awareness and Knowledge Systemic High-level Application 780498
- European Commission
- CyberSec4Europe – Cyber Security Network of Competence Centres for Europe 830929
- European Commission
References
- Plohmann, Daniel, et al. "A comprehensive measurement study of domain generating malware." 25th USENIX Security Symposium (USENIX Security 16). 2016.
- X. Yun, J. Huang, Y. Wang, T. Zang, Y. Zhou, and Y. Zhang, "Khaos: An adversarial neural network dga with high anti-detection ability", IEEE Transactions on Information Forensics and Security, vol. 15, pp.2225–2240, 2020.
- Spooren, Jan, et al. "Detection of algorithmically generated domain names used by botnets: a dual arms race." Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing. 2019.