Dataset Open Access

HYDRA dataset

Fran Casino; Nikolaos Lykousas; Ivan Homoliak; Constantinos Patsakis; Julio Hernandez-Castro


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nmm##2200000uu#4500</leader>
  <datafield tag="999" ind1="C" ind2="5">
    <subfield code="x">Plohmann, Daniel, et al. "A comprehensive measurement study of domain generating malware." 25th USENIX Security Symposium (USENIX Security 16). 2016.</subfield>
  </datafield>
  <datafield tag="999" ind1="C" ind2="5">
    <subfield code="x">X. Yun, J. Huang, Y. Wang, T. Zang, Y. Zhou, and Y. Zhang, "Khaos: An  adversarial  neural  network  dga  with  high  anti-detection  ability", IEEE Transactions on Information Forensics and Security, vol. 15, pp.2225–2240, 2020.</subfield>
  </datafield>
  <datafield tag="999" ind1="C" ind2="5">
    <subfield code="x">Spooren, Jan, et al. "Detection of algorithmically generated domain names used by botnets: a dual arms race." Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing. 2019.</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">Domain generation algorithms</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">DGA</subfield>
  </datafield>
  <controlfield tag="005">20201221201735.0</controlfield>
  <controlfield tag="001">3965397</controlfield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">University of Piraeus</subfield>
    <subfield code="0">(orcid)0000-0001-8874-1230</subfield>
    <subfield code="a">Nikolaos Lykousas</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Brno University of Technology</subfield>
    <subfield code="0">(orcid)0000-0002-0790-0875</subfield>
    <subfield code="a">Ivan Homoliak</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">University of Piraeus</subfield>
    <subfield code="0">(orcid)0000-0002-4460-9331</subfield>
    <subfield code="a">Constantinos Patsakis</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">University of Kent</subfield>
    <subfield code="0">(orcid)0000-0002-6432-5328</subfield>
    <subfield code="a">Julio Hernandez-Castro</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">2699517421</subfield>
    <subfield code="z">md5:27fbeca237b60fae65134f31025cd486</subfield>
    <subfield code="u">https://zenodo.org/record/3965397/files/dataset.7z</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2020-07-29</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire_data</subfield>
    <subfield code="o">oai:zenodo.org:3965397</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">University of Piraeus</subfield>
    <subfield code="0">(orcid)0000-0003-4296-2876</subfield>
    <subfield code="a">Fran Casino</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">HYDRA dataset</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">832735</subfield>
    <subfield code="a">Lawful evidence collecting and continuity platform development</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">780498</subfield>
    <subfield code="a">Cybersecurity Awareness and Knowledge Systemic High-level Application</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">830929</subfield>
    <subfield code="a">Cyber Security Network of Competence Centres for Europe</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://creativecommons.org/licenses/by/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This repository contains a large dataset for the research of domain generation algorithms (DGAs) and machine learning. At the time of writing the dataset contains more than 90m of domains and more than 100 families.&lt;/p&gt;

&lt;p&gt;The dataset consists of SLDs from DGAs and their extracted features. The main sources for the DGAs are the following:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;a href="https://dgarchive.caad.fkie.fraunhofer.de/"&gt;DGArchive&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href="https://data.netlab.360.com/dga/"&gt;The DGA feed from Network Security Research Lab at 360&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href="http://osint.bambenekconsulting.com/feeds/"&gt;The OSINT feeds for DGA from Bambenek Consulting&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;When the samples were sparse, we used the reversed code to create new ones.&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;a href="https://github.com/baderj/domain_generation_algorithms"&gt;Johannes Bader Github repo&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Moreover, it has SLDs from three adversarial DGAs (referred to deception, deception2 and khaos) DGAs and SLDs from the top 1m Alexa domains.&lt;/p&gt;

&lt;p&gt;Features by the order they appear in the dataset&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Family: DGA Family&lt;/li&gt;
	&lt;li&gt;SLD: SLD of the domain&lt;/li&gt;
	&lt;li&gt;L-HEX: The domain name is represented with hexadecimal characters&lt;/li&gt;
	&lt;li&gt;L-LEN: The length of Dom&lt;/li&gt;
	&lt;li&gt;L-DIG: The number of digits in Dom&lt;/li&gt;
	&lt;li&gt;L-DOT: The number of dots in the raw domain&lt;/li&gt;
	&lt;li&gt;L-CON-MAX: The maximum number of consecutive consonants Dom&lt;/li&gt;
	&lt;li&gt;L-VOW-MAX: The maximum number of consecutive vowels Dom&lt;/li&gt;
	&lt;li&gt;L-W2: Number of words with more than 2 characters in Dom&lt;/li&gt;
	&lt;li&gt;L-W3: Number of words with more than 3 characters in Dom&lt;/li&gt;
	&lt;li&gt;R-CON-VOW: Ratio of consonants and vowels ofDom&lt;/li&gt;
	&lt;li&gt;R-Dom-3G: Ratio of benign grams in Dom-3G&lt;/li&gt;
	&lt;li&gt;R-Dom-4G: Ratio of benign grams in Dom-4G&lt;/li&gt;
	&lt;li&gt;R-Dom-5G: Ratio of benign grams in Dom-5G&lt;/li&gt;
	&lt;li&gt;R-VOW-3G: Ratio of grams that contain a vowel in Dom-3G&lt;/li&gt;
	&lt;li&gt;R-VOW-4G: Ratio of grams that contain a vowel in Dom-4G&lt;/li&gt;
	&lt;li&gt;R-VOW-5G: Ratio of grams that contain a vowel in Dom-5G&lt;/li&gt;
	&lt;li&gt;R-WS-LEN: Dom-WS divided by L-LEN&lt;/li&gt;
	&lt;li&gt;R-WD-LEN: Dom-WD divided by L-LEN&lt;/li&gt;
	&lt;li&gt;R-WDS-LEN: Dom-WDS divided by L-LEN&lt;/li&gt;
	&lt;li&gt;R-W2-LEN: Dom-W2 divided by L-LEN&lt;/li&gt;
	&lt;li&gt;R-W2-LEN-D: Dom-W2 divided by Dom-D&lt;/li&gt;
	&lt;li&gt;R-W3-LEN: Dom-W3 divided by L-LEN&lt;/li&gt;
	&lt;li&gt;R-W3-LEN-D: Dom-W3 divided by Dom-D&lt;/li&gt;
	&lt;li&gt;GIB-1-Dom: Gibberish detector 1 applied to Dom&lt;/li&gt;
	&lt;li&gt;GIB-1-Dom-WS: Gibberish detector 1 applied to Dom-WS&lt;/li&gt;
	&lt;li&gt;GIB-1-Dom-D: Gibberish detector 1 applied to Dom-D&lt;/li&gt;
	&lt;li&gt;GIB-1-Dom-WDS: Gibberish detector 1 applied to Dom-WDS&lt;/li&gt;
	&lt;li&gt;GIB-1-Dom-W2: Gibberish detector 1 applied to Dom-W2&lt;/li&gt;
	&lt;li&gt;GIB-1-Dom-W3: Gibberish detector 1 applied to Dom-W3&lt;/li&gt;
	&lt;li&gt;GIB-2-Dom: Gibberish detector 2 applied to Dom&lt;/li&gt;
	&lt;li&gt;GIB-2-Dom-WS: Gibberish detector 2 applied to Dom-WS&lt;/li&gt;
	&lt;li&gt;GIB-2-Dom-D: Gibberish detector 2 applied to Dom-D&lt;/li&gt;
	&lt;li&gt;GIB-2-Dom-WDS: Gibberish detector 2 applied to Dom-WDS&lt;/li&gt;
	&lt;li&gt;GIB-2-Dom-W2: Gibberish detector 2 applied to Dom-W2&lt;/li&gt;
	&lt;li&gt;GIB-2-Dom-W3: Gibberish detector 2 applied to Dom-W3&lt;/li&gt;
	&lt;li&gt;E-Dom: Entropy ofDom&lt;/li&gt;
	&lt;li&gt;E-Dom-WS: Entropy of Dom-WS&lt;/li&gt;
	&lt;li&gt;E-Dom-D: Entropy of Dom-D&lt;/li&gt;
	&lt;li&gt;E-Dom-WDS: Entropy of Dom-WDS&lt;/li&gt;
	&lt;li&gt;E-Dom-W2: Entropy of Dom-W2&lt;/li&gt;
	&lt;li&gt;E-Dom-W3: Entropy of Dom-W3&lt;/li&gt;
&lt;/ul&gt;</subfield>
  </datafield>
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isVersionOf</subfield>
    <subfield code="a">10.5281/zenodo.3965396</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.3965397</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">dataset</subfield>
  </datafield>
</record>
241
52
views
downloads
All versions This version
Views 241241
Downloads 5252
Data volume 140.4 GB140.4 GB
Unique views 217217
Unique downloads 2828

Share

Cite as