Machine learning-based DNS classifier for detecting Domain Generation Algorithms (DGAs), tunneling, and data exfiltration by malicious actors.
Caution
The project is under active development right now. Everything might change, break, or move around quickly.
Install into a virtual environment and check that the CLI is available:
python -m venv .venv
source .venv/bin/activate
pip install .
heidgaf -h
Run your analysis:
heidgaf inspect -r data/...
Train your own model:
heidgaf train -m xg -d all
Important
Currently, we set a fixed data format scheme. However, we plan to support custom schemes.
Currently, we support the data format scheme provided by the DNS-Collector:
{{ .timestamp }}
{{ .return_code }}
{{ .client_ip }}
{{ .server_ip }}
{{ .query }}
{{ .type }}
{{ .answer }}
{{ .size }}b
For training our models, we rely on the following data sets:
- CICBellDNS2021
- DGTA Benchmark
- DNS Tunneling Queries for Binary Classification
- UMUDGA - University of Murcia Domain Generation Algorithm Dataset
- Real-CyberSecurity-Datasets
However, we compute all features separately and only rely on the `domain` and `class` columns of these data sets.
Currently, we are only interested in binary classification; thus, the class is either `benign` or `malicious`.
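As an added example (not code from the heidgaf project), the following Python parses the eight-field DNS-Collector text layout shown above and derives a few string features from the queried domain alone, the kind of per-domain features a DGA/tunneling classifier is trained on. The sample log lines, the field names and the feature set are constructed for illustration; the "last two labels are the registrable domain" rule is a simplifying assumption.

```python
import math
from collections import Counter

# Constructed sample lines in the DNS-Collector text layout quoted above:
# timestamp return_code client_ip server_ip query type answer size(b)
SAMPLE_LOG = """\
2024-05-01T10:00:00Z NOERROR 10.0.0.5 10.0.0.1 www.example.com. A 93.184.216.34 60b
2024-05-01T10:00:01Z NXDOMAIN 10.0.0.5 10.0.0.1 xk3p9qzt7w1r.example.net. A - 45b
2024-05-01T10:00:02Z NOERROR 10.0.0.7 10.0.0.1 1ecb1c3d6a7f8e9a.t.example.org. TXT - 120b
"""

# Field names mirror the template placeholders; the names themselves are our choice.
FIELDS = ("timestamp", "return_code", "client_ip", "server_ip",
          "query", "type", "answer", "size")

def parse_line(line: str) -> dict:
    """Split one whitespace-separated DNS-Collector line into its eight fields."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    rec["size"] = int(rec["size"].rstrip("b"))  # "60b" -> 60 bytes
    return rec

def parse_log(text: str) -> list[dict]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def domain_features(query: str) -> dict:
    """Features of the queried name only. Assumption: the registrable part is the
    last two labels, so DGA/tunneling signal is measured on everything left of it."""
    name = query.rstrip(".").lower()
    labels = name.split(".")
    sub = ".".join(labels[:-2]) if len(labels) > 2 else ""
    return {
        "length": len(name),
        "label_count": len(labels),
        "subdomain_len": len(sub),
        "entropy": round(shannon_entropy(name.replace(".", "")), 3),
        "digit_ratio": round(sum(ch.isdigit() for ch in name) / max(len(name), 1), 3),
    }

if __name__ == "__main__":
    for rec in parse_log(SAMPLE_LOG):
        print(rec["return_code"], rec["query"], domain_features(rec["query"]))
```

Long, high-entropy subdomains on NXDOMAIN responses (second line) or TXT queries (third line) are what the feature vector is meant to surface; the real model adds many more features and is trained on the data sets listed above.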
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
Distributed under the EUPL License. See LICENSE.txt for more information.