Deep Lookup - Deep Learning for Domain Name System

Installation

Installation Using PyPI

pip install deeplookup

Using DeepLookup

DeepLookup provides a Resolver class that inherits from dns.resolver.Resolver:

from deeplookup import Resolver


resolver = Resolver()

for ip in resolver.resolve("google.com", "A"):
    print(f"ip: {ip.to_text()}")

The code above verifies the queried name using a neural network trained to detect malicious queries (DGAs and tunnels) before resolving it. For the example above, the output looks like the following:

ip: 142.250.184.206

When the queried name is generated by a domain generation algorithm, the resolver raises dns.resolver.NXDOMAIN without even accessing a remote name server.

for ip in resolver.resolve("mjewnjixnjaa.com", "A"):
    print(f"ip: {ip.to_text()}")

The example above raises a dns.resolver.NXDOMAIN error with the following message:

dns.resolver.NXDOMAIN: The DNS query name does not exist: mjewnjixnjaa.com.
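
Because a rejected name raises the same dns.resolver.NXDOMAIN type as a name that does not exist, a caller that wants a record of rejected queries has to catch and log them itself. The sketch below is an added example, not code from the DeepLookup project: triage(), StubResolver, StubRecord and StubNXDOMAIN are hypothetical names, and the stubs are constructed stand-ins so the block runs offline without the package.

```python
import logging
from dataclasses import dataclass

log = logging.getLogger("dns-triage")


class StubNXDOMAIN(Exception):
    """Constructed stand-in for dns.resolver.NXDOMAIN (keeps the demo offline)."""


@dataclass
class StubRecord:
    address: str

    def to_text(self):
        return self.address


class StubResolver:
    """Constructed stand-in for deeplookup.Resolver; refuses listed names locally."""

    def __init__(self, answers, refused):
        self.answers, self.refused = answers, refused

    def resolve(self, name, rdtype):
        if name in self.refused or name not in self.answers:
            raise StubNXDOMAIN(f"The DNS query name does not exist: {name}.")
        return [StubRecord(a) for a in self.answers[name]]


def triage(resolver, names, nxdomain_exc, rdtype="A"):
    """Resolve each distinct name once (case and trailing dot normalised)."""
    resolved, rejected = {}, []
    for name in dict.fromkeys(n.strip().rstrip(".").lower() for n in names):
        if not name:
            continue
        try:
            resolved[name] = [r.to_text() for r in resolver.resolve(name, rdtype)]
        except nxdomain_exc as exc:
            rejected.append(name)  # same exception type for a model or server NXDOMAIN
            log.warning("NXDOMAIN for %s: %s", name, exc)
    return resolved, rejected


def demo():
    stub = StubResolver({"google.com": ["142.250.184.206"]}, {"mjewnjixnjaa.com"})
    queried = ["google.com", "MJEWNJIXNJAA.com.", "google.com", ""]  # constructed
    return triage(stub, queried, StubNXDOMAIN)
```

With the real package, pass deeplookup's Resolver() and dns.resolver.NXDOMAIN in place of the stubs. Treat the rejected list as a review queue: it mixes names the model refused with names that do not exist.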

Training

The model is trained using a TFX pipeline, in which the training dataset is uploaded, split into training and evaluation subsets, and then used to fit the neural network.

To trigger the training pipeline, use the following command:

python -m deeplookup.pipeline.gta1

This command creates a folder called "tfx", where all artifacts are persisted. See the tfx/pipelines/gta1/serving_model/gta1/* folder to access the model in HDF5 format.

Publications

  1. Bubnov Y., Ivanov N. (2020) Text analysis of DNS queries for data exfiltration protection of computer networks, Informatics, 3, 78-86.
  2. Bubnov Y., Ivanov N. (2020) Hidden Markov model for malicious hosts detection in a computer network, Journal of BSU. Mathematics and Informatics, 3, 73-79.
  3. Bubnov Y., Ivanov N. (2021) DGA domain detection and botnet prevention using Q-learning for POMDP, Doklady BGUIR, 2, 91-99.

Datasets

  1. Bubnov Y. (2019) DNS Tunneling Queries for Binary Classification, Mendeley Data, v1.
  2. Zago M., Perez M.G., Perez G.M. (2020) UMUDGA - University of Murcia Domain Generation Algorithm Dataset, Mendeley Data, v1.
  3. Bubnov Y. (2021) DGTA-BENCH - Domain Generation and Tunneling Algorithms for Benchmark, Mendeley Data, v1.

Download files

Source Distributions

No source distribution files available for this release.

Built Distribution

deeplookup-1.0.0-py3-none-any.whl (22.1 MB)

Uploaded Python 3

File details

Details for the file deeplookup-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: deeplookup-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 22.1 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.1 importlib_metadata/4.8.2 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.7.9

File hashes

Hashes for deeplookup-1.0.0-py3-none-any.whl
Algorithm    Hash digest
SHA256       964ac743f4777e9053863eb936139dafabc72f9b17db5cef8e9f21beba130da2
MD5          0f349f657a9adf3ca7f9b8313b08cdea
BLAKE2b-256  4e0149e2c9fdd5b5ec7e5768bbc298b999bc7811e40988a392c13d92508cef37
