Comparative Analysis of the Time Stability of CNN, LSTM and DistilBERT in the Domain Generation Algorithms (DGAs) Detection Problem
| dc.contributor.author | Salyk, Vasyl | |
| dc.contributor.author | Venherskyi, Petro | |
| dc.date.accessioned | 2025-10-21T09:14:42Z | |
| dc.date.available | 2025-10-21T09:14:42Z | |
| dc.date.issued | 2025 | |
| dc.description.abstract | This paper investigates the effectiveness of deep learning models (in particular, CNN, LSTM, and DistilBERT) in detecting algorithm-generated domains (DGAs), taking into account the time dynamics of the development of such domains. The models were trained on samples of DGA domains relevant up to and including 2018 and a proportional set of unique benign domains (1:1) and were tested on five annual datasets for the period 2019–2023, which contained annual slices of DGA domains and the corresponding samples of benign domains. The work quantifies the temporal stability of these models and their ability to effectively detect new threats in the context of concept drift. The analysis of the results shows different dynamics of performance indicators for the architectures studied, revealing their strengths and weaknesses in terms of long-term performance and resilience to the evolution of DGA. The findings highlight the critical need to develop strategies to regularly monitor, update, or adapt DGA detection models to ensure a consistently high level of protection in the face of continuous improvement of malicious domain generation techniques. Notably, the findings related to DistilBERT are based on a model trained with a significantly smaller dataset than CNN and LSTM, which limits the validity of direct performance comparisons. This constraint introduces a potential bias in the results and highlights the need for caution when interpreting DistilBERT’s relative performance. A more comprehensive evaluation is underway using an equivalent dataset. | |
| dc.format.pagerange | С. 28-38 | |
| dc.identifier.citation | Salyk, V. Comparative Analysis of the Time Stability of CNN, LSTM and DistilBERT in the Domain Generation Algorithms (DGAs) Detection Problem / Salyk Vasyl, Venherskyi Petro // Theoretical and Applied Cybersecurity : Матеріали ІІІ Всеукраїнської науково-практичної конференції (TACS-2025), [Київ], 29 травня 2025 р. / НН ФТІ, КПІ ім. Ігоря Сікорського. - Київ, 2025. - С. 28-38. | |
| dc.identifier.uri | https://ela.kpi.ua/handle/123456789/76950 | |
| dc.language.iso | en | |
| dc.publisher | НН ФТІ, КПІ ім. Ігоря Сікорського | |
| dc.publisher.place | Київ | |
| dc.relation.ispartof | Theoretical and Applied Cybersecurity : Матеріали ІІІ Всеукраїнської науково-практичної конференції (TACS-2025, 29 травня 2025 р., м. Київ, Україна) | |
| dc.subject | Cybersecurity | |
| dc.subject | DGA detection | |
| dc.subject | deep learning (DL) | |
| dc.subject | Convolutional Neural Networks (CNN) | |
| dc.subject | Long ShortTerm Memory (LSTM) | |
| dc.subject | DistilBERT | |
| dc.subject | comparative analysis | |
| dc.subject | temporal analysis | |
| dc.title | Comparative Analysis of the Time Stability of CNN, LSTM and DistilBERT in the Domain Generation Algorithms (DGAs) Detection Problem | |
| dc.type | Article |
Файли
Контейнер файлів
1 - 1 з 1
Ліцензійна угода
1 - 1 з 1
Ескіз недоступний
- Назва:
- license.txt
- Розмір:
- 8.98 KB
- Формат:
- Item-specific license agreed upon to submission
- Опис: