Dataset Open Access

HYDRA dataset

Fran Casino; Nikolaos Lykousas; Ivan Homoliak; Constantinos Patsakis; Julio Hernandez-Castro


DataCite XML Export

<?xml version='1.0' encoding='utf-8'?>
<resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://datacite.org/schema/kernel-4" xsi:schemaLocation="http://datacite.org/schema/kernel-4 http://schema.datacite.org/meta/kernel-4.1/metadata.xsd">
  <identifier identifierType="DOI">10.5281/zenodo.3965397</identifier>
  <creators>
    <creator>
      <creatorName>Fran Casino</creatorName>
      <nameIdentifier nameIdentifierScheme="ORCID" schemeURI="http://orcid.org/">0000-0003-4296-2876</nameIdentifier>
      <affiliation>University of Piraeus</affiliation>
    </creator>
    <creator>
      <creatorName>Nikolaos Lykousas</creatorName>
      <nameIdentifier nameIdentifierScheme="ORCID" schemeURI="http://orcid.org/">0000-0001-8874-1230</nameIdentifier>
      <affiliation>University of Piraeus</affiliation>
    </creator>
    <creator>
      <creatorName>Ivan Homoliak</creatorName>
      <nameIdentifier nameIdentifierScheme="ORCID" schemeURI="http://orcid.org/">0000-0002-0790-0875</nameIdentifier>
      <affiliation>Brno University of Technology</affiliation>
    </creator>
    <creator>
      <creatorName>Constantinos Patsakis</creatorName>
      <nameIdentifier nameIdentifierScheme="ORCID" schemeURI="http://orcid.org/">0000-0002-4460-9331</nameIdentifier>
      <affiliation>University of Piraeus</affiliation>
    </creator>
    <creator>
      <creatorName>Julio Hernandez-Castro</creatorName>
      <nameIdentifier nameIdentifierScheme="ORCID" schemeURI="http://orcid.org/">0000-0002-6432-5328</nameIdentifier>
      <affiliation>University of Kent</affiliation>
    </creator>
  </creators>
  <titles>
    <title>HYDRA dataset</title>
  </titles>
  <publisher>Zenodo</publisher>
  <publicationYear>2020</publicationYear>
  <subjects>
    <subject>Domain generation algorithms</subject>
    <subject>DGA</subject>
  </subjects>
  <dates>
    <date dateType="Issued">2020-07-29</date>
  </dates>
  <resourceType resourceTypeGeneral="Dataset"/>
  <alternateIdentifiers>
    <alternateIdentifier alternateIdentifierType="url">https://zenodo.org/record/3965397</alternateIdentifier>
  </alternateIdentifiers>
  <relatedIdentifiers>
    <relatedIdentifier relatedIdentifierType="DOI" relationType="IsVersionOf">10.5281/zenodo.3965396</relatedIdentifier>
  </relatedIdentifiers>
  <version>1.0</version>
  <rightsList>
    <rights rightsURI="https://creativecommons.org/licenses/by/4.0/legalcode">Creative Commons Attribution 4.0 International</rights>
    <rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
  </rightsList>
  <descriptions>
    <description descriptionType="Abstract">&lt;p&gt;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This repository contains a large dataset for the research of domain generation algorithms (DGAs) and machine learning. At the time of writing the dataset contains more than 90m of domains and more than 100 families.&lt;/p&gt;

&lt;p&gt;The dataset consists of SLDs from DGAs and their extracted features. The main sources for the DGAs are the following:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;a href="https://dgarchive.caad.fkie.fraunhofer.de/"&gt;DGArchive&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href="https://data.netlab.360.com/dga/"&gt;The DGA feed from Network Security Research Lab at 360&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href="http://osint.bambenekconsulting.com/feeds/"&gt;The OSINT feeds for DGA from Bambenek Consulting&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;When the samples were sparse, we used the reversed code to create new ones.&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;a href="https://github.com/baderj/domain_generation_algorithms"&gt;Johannes Bader Github repo&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Moreover, it has SLDs from three adversarial DGAs (referred to deception, deception2 and khaos) DGAs and SLDs from the top 1m Alexa domains.&lt;/p&gt;

&lt;p&gt;Features by the order they appear in the dataset&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Family: DGA Family&lt;/li&gt;
	&lt;li&gt;SLD: SLD of the domain&lt;/li&gt;
	&lt;li&gt;L-HEX: The domain name is represented with hexadecimal characters&lt;/li&gt;
	&lt;li&gt;L-LEN: The length of Dom&lt;/li&gt;
	&lt;li&gt;L-DIG: The number of digits in Dom&lt;/li&gt;
	&lt;li&gt;L-DOT: The number of dots in the raw domain&lt;/li&gt;
	&lt;li&gt;L-CON-MAX: The maximum number of consecutive consonants Dom&lt;/li&gt;
	&lt;li&gt;L-VOW-MAX: The maximum number of consecutive vowels Dom&lt;/li&gt;
	&lt;li&gt;L-W2: Number of words with more than 2 characters in Dom&lt;/li&gt;
	&lt;li&gt;L-W3: Number of words with more than 3 characters in Dom&lt;/li&gt;
	&lt;li&gt;R-CON-VOW: Ratio of consonants and vowels ofDom&lt;/li&gt;
	&lt;li&gt;R-Dom-3G: Ratio of benign grams in Dom-3G&lt;/li&gt;
	&lt;li&gt;R-Dom-4G: Ratio of benign grams in Dom-4G&lt;/li&gt;
	&lt;li&gt;R-Dom-5G: Ratio of benign grams in Dom-5G&lt;/li&gt;
	&lt;li&gt;R-VOW-3G: Ratio of grams that contain a vowel in Dom-3G&lt;/li&gt;
	&lt;li&gt;R-VOW-4G: Ratio of grams that contain a vowel in Dom-4G&lt;/li&gt;
	&lt;li&gt;R-VOW-5G: Ratio of grams that contain a vowel in Dom-5G&lt;/li&gt;
	&lt;li&gt;R-WS-LEN: Dom-WS divided by L-LEN&lt;/li&gt;
	&lt;li&gt;R-WD-LEN: Dom-WD divided by L-LEN&lt;/li&gt;
	&lt;li&gt;R-WDS-LEN: Dom-WDS divided by L-LEN&lt;/li&gt;
	&lt;li&gt;R-W2-LEN: Dom-W2 divided by L-LEN&lt;/li&gt;
	&lt;li&gt;R-W2-LEN-D: Dom-W2 divided by Dom-D&lt;/li&gt;
	&lt;li&gt;R-W3-LEN: Dom-W3 divided by L-LEN&lt;/li&gt;
	&lt;li&gt;R-W3-LEN-D: Dom-W3 divided by Dom-D&lt;/li&gt;
	&lt;li&gt;GIB-1-Dom: Gibberish detector 1 applied to Dom&lt;/li&gt;
	&lt;li&gt;GIB-1-Dom-WS: Gibberish detector 1 applied to Dom-WS&lt;/li&gt;
	&lt;li&gt;GIB-1-Dom-D: Gibberish detector 1 applied to Dom-D&lt;/li&gt;
	&lt;li&gt;GIB-1-Dom-WDS: Gibberish detector 1 applied to Dom-WDS&lt;/li&gt;
	&lt;li&gt;GIB-1-Dom-W2: Gibberish detector 1 applied to Dom-W2&lt;/li&gt;
	&lt;li&gt;GIB-1-Dom-W3: Gibberish detector 1 applied to Dom-W3&lt;/li&gt;
	&lt;li&gt;GIB-2-Dom: Gibberish detector 2 applied to Dom&lt;/li&gt;
	&lt;li&gt;GIB-2-Dom-WS: Gibberish detector 2 applied to Dom-WS&lt;/li&gt;
	&lt;li&gt;GIB-2-Dom-D: Gibberish detector 2 applied to Dom-D&lt;/li&gt;
	&lt;li&gt;GIB-2-Dom-WDS: Gibberish detector 2 applied to Dom-WDS&lt;/li&gt;
	&lt;li&gt;GIB-2-Dom-W2: Gibberish detector 2 applied to Dom-W2&lt;/li&gt;
	&lt;li&gt;GIB-2-Dom-W3: Gibberish detector 2 applied to Dom-W3&lt;/li&gt;
	&lt;li&gt;E-Dom: Entropy ofDom&lt;/li&gt;
	&lt;li&gt;E-Dom-WS: Entropy of Dom-WS&lt;/li&gt;
	&lt;li&gt;E-Dom-D: Entropy of Dom-D&lt;/li&gt;
	&lt;li&gt;E-Dom-WDS: Entropy of Dom-WDS&lt;/li&gt;
	&lt;li&gt;E-Dom-W2: Entropy of Dom-W2&lt;/li&gt;
	&lt;li&gt;E-Dom-W3: Entropy of Dom-W3&lt;/li&gt;
&lt;/ul&gt;</description>
    <description descriptionType="Other">{"references": ["Plohmann, Daniel, et al. \"A comprehensive measurement study of domain generating malware.\" 25th USENIX Security Symposium (USENIX\u00a0Security 16). 2016.", "X. Yun, J. Huang, Y. Wang, T. Zang, Y. Zhou, and Y. Zhang, \"Khaos: An \u00a0adversarial \u00a0neural \u00a0network \u00a0dga \u00a0with \u00a0high \u00a0anti-detection \u00a0ability\", IEEE Transactions on Information Forensics and Security, vol. 15, pp.2225\u20132240, 2020.", "Spooren, Jan, et al. \"Detection of algorithmically generated domain names used by botnets: a dual arms race.\" Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing. 2019."]}</description>
  </descriptions>
  <fundingReferences>
    <fundingReference>
      <funderName>European Commission</funderName>
      <funderIdentifier funderIdentifierType="Crossref Funder ID">10.13039/501100000780</funderIdentifier>
      <awardNumber awardURI="info:eu-repo/grantAgreement/EC/H2020/832735/">832735</awardNumber>
      <awardTitle>Lawful evidence collecting and continuity platform development</awardTitle>
    </fundingReference>
    <fundingReference>
      <funderName>European Commission</funderName>
      <funderIdentifier funderIdentifierType="Crossref Funder ID">10.13039/501100000780</funderIdentifier>
      <awardNumber awardURI="info:eu-repo/grantAgreement/EC/H2020/780498/">780498</awardNumber>
      <awardTitle>Cybersecurity Awareness and Knowledge Systemic High-level Application</awardTitle>
    </fundingReference>
    <fundingReference>
      <funderName>European Commission</funderName>
      <funderIdentifier funderIdentifierType="Crossref Funder ID">10.13039/501100000780</funderIdentifier>
      <awardNumber awardURI="info:eu-repo/grantAgreement/EC/H2020/830929/">830929</awardNumber>
      <awardTitle>Cyber Security Network of Competence Centres for Europe</awardTitle>
    </fundingReference>
  </fundingReferences>
</resource>
241
52
views
downloads
All versions This version
Views 241241
Downloads 5252
Data volume 140.4 GB140.4 GB
Unique views 217217
Unique downloads 2828

Share

Cite as