Dataset Open Access

HYDRA dataset

Fran Casino; Nikolaos Lykousas; Ivan Homoliak; Constantinos Patsakis; Julio Hernandez-Castro

 

This repository contains a large dataset for the research of domain generation algorithms (DGAs) and machine learning. At the time of writing the dataset contains more than 90m of domains and more than 100 families.

The dataset consists of SLDs from DGAs and their extracted features. The main sources for the DGAs are the following:

When the samples were sparse, we used the reversed code to create new ones.

Moreover, it has SLDs from three adversarial DGAs (referred to deception, deception2 and khaos) DGAs and SLDs from the top 1m Alexa domains.

Features by the order they appear in the dataset

  • Family: DGA Family
  • SLD: SLD of the domain
  • L-HEX: The domain name is represented with hexadecimal characters
  • L-LEN: The length of Dom
  • L-DIG: The number of digits in Dom
  • L-DOT: The number of dots in the raw domain
  • L-CON-MAX: The maximum number of consecutive consonants Dom
  • L-VOW-MAX: The maximum number of consecutive vowels Dom
  • L-W2: Number of words with more than 2 characters in Dom
  • L-W3: Number of words with more than 3 characters in Dom
  • R-CON-VOW: Ratio of consonants and vowels ofDom
  • R-Dom-3G: Ratio of benign grams in Dom-3G
  • R-Dom-4G: Ratio of benign grams in Dom-4G
  • R-Dom-5G: Ratio of benign grams in Dom-5G
  • R-VOW-3G: Ratio of grams that contain a vowel in Dom-3G
  • R-VOW-4G: Ratio of grams that contain a vowel in Dom-4G
  • R-VOW-5G: Ratio of grams that contain a vowel in Dom-5G
  • R-WS-LEN: Dom-WS divided by L-LEN
  • R-WD-LEN: Dom-WD divided by L-LEN
  • R-WDS-LEN: Dom-WDS divided by L-LEN
  • R-W2-LEN: Dom-W2 divided by L-LEN
  • R-W2-LEN-D: Dom-W2 divided by Dom-D
  • R-W3-LEN: Dom-W3 divided by L-LEN
  • R-W3-LEN-D: Dom-W3 divided by Dom-D
  • GIB-1-Dom: Gibberish detector 1 applied to Dom
  • GIB-1-Dom-WS: Gibberish detector 1 applied to Dom-WS
  • GIB-1-Dom-D: Gibberish detector 1 applied to Dom-D
  • GIB-1-Dom-WDS: Gibberish detector 1 applied to Dom-WDS
  • GIB-1-Dom-W2: Gibberish detector 1 applied to Dom-W2
  • GIB-1-Dom-W3: Gibberish detector 1 applied to Dom-W3
  • GIB-2-Dom: Gibberish detector 2 applied to Dom
  • GIB-2-Dom-WS: Gibberish detector 2 applied to Dom-WS
  • GIB-2-Dom-D: Gibberish detector 2 applied to Dom-D
  • GIB-2-Dom-WDS: Gibberish detector 2 applied to Dom-WDS
  • GIB-2-Dom-W2: Gibberish detector 2 applied to Dom-W2
  • GIB-2-Dom-W3: Gibberish detector 2 applied to Dom-W3
  • E-Dom: Entropy ofDom
  • E-Dom-WS: Entropy of Dom-WS
  • E-Dom-D: Entropy of Dom-D
  • E-Dom-WDS: Entropy of Dom-WDS
  • E-Dom-W2: Entropy of Dom-W2
  • E-Dom-W3: Entropy of Dom-W3

Files (2.7 GB)
Name Size
dataset.7z
md5:27fbeca237b60fae65134f31025cd486
2.7 GB Download
  • Plohmann, Daniel, et al. "A comprehensive measurement study of domain generating malware." 25th USENIX Security Symposium (USENIX Security 16). 2016.

  • Spooren, Jan, et al. "Detection of algorithmically generated domain names used by botnets: a dual arms race." Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing. 2019.

  • X. Yun, J. Huang, Y. Wang, T. Zang, Y. Zhou, and Y. Zhang, "Khaos: An  adversarial  neural  network  dga  with  high  anti-detection  ability", IEEE Transactions on Information Forensics and Security, vol. 15, pp.2225–2240, 2020.

208
45
views
downloads
All versions This version
Views 208208
Downloads 4545
Data volume 121.5 GB121.5 GB
Unique views 189189
Unique downloads 2222

Share

Cite as