Comparative Analysis of the Time Stability of CNN, LSTM and DistilBERT in the Domain Generation Algorithms (DGAs) Detection Problem

Date

2025

Publisher

Institute of Physics and Technology, Igor Sikorsky Kyiv Polytechnic Institute

Abstract

This paper investigates the effectiveness of deep learning models (in particular, CNN, LSTM, and DistilBERT) in detecting algorithm-generated domains (DGAs), taking into account the time dynamics of the development of such domains. The models were trained on samples of DGA domains relevant up to and including 2018 and a proportional set of unique benign domains (1:1) and were tested on five annual datasets for the period 2019–2023, which contained annual slices of DGA domains and the corresponding samples of benign domains. The work quantifies the temporal stability of these models and their ability to effectively detect new threats in the context of concept drift. The analysis of the results shows different dynamics of performance indicators for the architectures studied, revealing their strengths and weaknesses in terms of long-term performance and resilience to the evolution of DGA. The findings highlight the critical need to develop strategies to regularly monitor, update, or adapt DGA detection models to ensure a consistently high level of protection in the face of continuous improvement of malicious domain generation techniques. Notably, the findings related to DistilBERT are based on a model trained with a significantly smaller dataset than CNN and LSTM, which limits the validity of direct performance comparisons. This constraint introduces a potential bias in the results and highlights the need for caution when interpreting DistilBERT’s relative performance. A more comprehensive evaluation is underway using an equivalent dataset.

Keywords

Cybersecurity, DGA detection, deep learning (DL), Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM), DistilBERT, comparative analysis, temporal analysis

Bibliographic description

Salyk, V. Comparative Analysis of the Time Stability of CNN, LSTM and DistilBERT in the Domain Generation Algorithms (DGAs) Detection Problem / Salyk Vasyl, Venherskyi Petro // Theoretical and Applied Cybersecurity : Proceedings of the III All-Ukrainian Scientific and Practical Conference (TACS-2025), [Kyiv], May 29, 2025 / Institute of Physics and Technology, Igor Sikorsky Kyiv Polytechnic Institute. - Kyiv, 2025. - P. 28-38.
