Machine learning-based DNS classifier for detecting Domain Generation Algorithms (DGAs), tunneling, and data exfiltration by malicious actors.
Explore the docs »
View Demo
·
Report Bug
·
Request Feature
Caution
The project is under active development right now. Everything might change, break, or move around quickly.
| Continuous Integration |
|
python -m venv .venv
pip install .
heidgaf -hRun your analysis:
heidgaf inspect -r data/...Train your own model:
heidgaf train -m xg -d allImportant
Currently, we set a fixed data format scheme. However, we plan to support custom schemes.
Currently, we support the data format scheme provided by the DNS-Collector:
{{ .timestamp }}{{ .return_code }}{{ .client_ip }}{{ .server_ip }}{{ .query }}{{ .type }}{{ .answer }}{{ .size }}b
For training our models, we rely on the following data sets:
- CICBellDNS2021
- DGTA Benchmark
- DNS Tunneling Queries for Binary Classification
- UMUDGA - University of Murcia Domain Generation Algorithm Dataset
- Real-CyberSecurity-Datasets
However, we compute all feature separately and only rely on the domain and class.
Currently, we are only interested in binary classification, thus, the class is either benign or malicious.
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
Distributed under the EUPL License. See LICENSE.txt for more information.