Lionic AI Anti-WebThreat Technology - Detecting DGA Domain

Lionic leverages AI (Artificial Intelligence) as a powerful tool to combat various network attacks. Traditionally, network attacks are blocked using specific signatures. However, some attacks, such as those involving DGA (Domain Generation Algorithm) domains, are difficult to address with signature-based methods, because it is hard to extract reliable signatures from DGA domains for effective blocking.

We are now excited to introduce our latest achievement in AI: Lionic AI Anti-WebThreat Technology, which can effectively detect DGA domains.

DGAs (Domain Generation Algorithms) are used in various families of malware to periodically generate a large number of domain names, which serve as rendezvous points for their command and control servers. Each DGA domain is newly generated, so it is unknown to traditional malicious website databases. These domains are typically long and do not consist of common English words. AI is particularly well-suited to learning this distinctive pattern ("long and not consisting of common English words") and detecting such domains effectively.

DGA domains, C&C Server and Botnet

As with Lionic's other AI technologies, the company draws on a vast collection of malicious and clean websites gathered through its malicious website blocking service, which has been operational for over a decade. This extensive database also includes many DGA domains. Lionic used one million DGA domains and one million clean websites to train its DGA detection machine learning model. After extensive internal adjustments, the model is now highly effective at detecting DGA domains with very few false positives.

AI Anti-WebThreat Training

The AI Anti-WebThreat Technology is integrated into the Lionic Anti-WebThreat query cloud. When an AI Anti-WebThreat client program queries a URL, the server first checks the URL against the malicious and clean website databases. If the URL is not found in either database, the AI Anti-WebThreat DGA Detection Model then determines whether it is a DGA domain. If a DGA domain is confirmed, the client blocks it, preventing malware or botnets from connecting to their command and control servers. This significantly minimizes the impact of malware and botnets. Lionic products, such as Tera-UTM and Dual Ark-UTM, are equipped with the AI Anti-WebThreat client program.

AI Anti-WebThreat Technology
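
The lookup order described above, as an added Python example (not Lionic's code or model): the database check runs first, and only hosts found in neither list are scored. The scorer is a simple stand-in for the trained model that uses the two traits named earlier, length and the absence of common English words; the word list, thresholds and domains are constructed assumptions.

```python
# Added illustration: database lookup first, DGA scoring only for unknown hosts.
# Every list, threshold and domain below is constructed for this example.
COMMON_WORDS = {"secure", "online", "bank", "mail", "shop", "news", "cloud",
                "login", "store", "weather", "photo", "travel"}
KNOWN_MALICIOUS = {"bad-site.example"}
KNOWN_CLEAN = {"example.com", "qwrtzplkmnbvcxy.example"}
MIN_LEN = 12        # "long" (assumed threshold)
MAX_COVERAGE = 0.5  # "not common English words" (assumed threshold)


def registrable_label(host):
    """Label left of the TLD; assumes a single-label TLD (no public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def word_coverage(label):
    """Fraction of characters coverable by non-overlapping common words."""
    if not label:
        return 0.0
    best = [0] * (len(label) + 1)  # best[i] = max covered chars in label[:i]
    for i in range(1, len(label) + 1):
        best[i] = best[i - 1]      # option: leave character i-1 uncovered
        for j in range(i):
            if label[j:i] in COMMON_WORDS:
                best[i] = max(best[i], best[j] + (i - j))
    return best[-1] / len(label)


def looks_generated(host):
    """Heuristic stand-in for the model: long label, few dictionary words."""
    label = registrable_label(host)
    return len(label) >= MIN_LEN and word_coverage(label) < MAX_COVERAGE


def query(host):
    """Return (verdict, source), following the order described in the text."""
    host = host.lower().rstrip(".")
    if host in KNOWN_MALICIOUS:
        return ("block", "database")
    if host in KNOWN_CLEAN:
        return ("allow", "database")
    if looks_generated(host):
        return ("block", "dga-check")
    return ("allow", "unknown")
```

Note that `qwrtzplkmnbvcxy.example` would be flagged by the heuristic on its own, but the clean-list hit returns first, which is how a database-first order keeps known-good hosts from becoming false positives.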