Abstract: To tackle the problems that the existing domain detection methods of domain generation algorithm (DGA) cannot fully extract and utilize the domain features and the detection methods based on word embedding are prone to cause the loss of important information, a DGA domain name detection method based on multi-level feature extraction (DDMFE) is proposed. Firstly, the vector representations of domains are obtained by word embedding, and the domain character features are extracted to obtain preprocessing samples. Secondly, the domain vectors are processed by a multi-level feature extraction network to capture the contextual and semantic information of the domains and fuse different domain information to generate a text-level feature representation of the domains. Finally, to calculate the domain classification probability, a feed-forward neural network is used to process the domain character features, an improved capsule network is used to process the domain text features, and a fusion operation is used to generate the domain classification probability for domain detection. After experimental validation, the proposed method improves the accuracy of DGA domain name detection and DGA algorithm recognition by 1.1%~8.6% and 1.8%~3.1%, respectively, which provides a good detection performance.

Key words: DGA domain name detection, multi-head pyramid network, character features, capsule network