deeplookup 0.0.1

Deep Lookup - Deep Learning for Domain Name System

Deep Lookup - Deep Learning for Domain Name System

Installation

Installation Using PyPi

pip install deeplookup

Using DeepLookup

DeepLookup provides a Resolver instance that inhertits dns.resolver.Resolver

from deeplookup import Resolver


resolver = Resolver()

for ip in resolver.resolve("google.com", "A"):
    print("ip: ", ip.to_text())

The code above, performs a veficiation of a queried name using a nerual network trained to detect malicious queries (DGAs and tunnels). For the example above the output will look like following:

ip:  142.250.184.206

When the queried name is generated using domain generation algorith, the resolver throws dns.resolver.NXDOMAIN without even accessing a remote nameserver.

for ip in resolver.resolve("mjewnjixnjaa.com", "A"):
    print("ip: ", ip.to_text())

The output of the example above will throw the following error:

dns.resolver.NXDOMAIN: The DNS query name does not exist: mjewnjixnjaa.com.

Publications

1. Bubnov Y., Ivanov N. (2020) Text analysis of DNS queries for data exfiltration protection of computer networks, Informatics, 3, 78-86.
2. Bubnov Y., Ivanov N. (2020) Hidden Markov model for malicious hosts detection in a computer network, Journal of BSU. Mathematics and Informatics, 3, 73-79.
3. Bubnov Y., Ivanov N. (2021) DGA domain detection and botnet prevention using Q-learning for POMDP, Doklady BGUIR, 2, 91-99.

Datasets

1. Bubnov Y. (2019) DNS Tunneling Queries for Binary Classification, Mendeley Data, v1.
2. Zago M., Perez. M.G., Perez G.M. (2020) UMUDGA - University of Murcia Domain Generation Algorithm Dataset, Mendeley Data, v1.