
    AVID-2023-V002

    Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31 ATLAS Case Study
    Summary
    The Palo Alto Networks Security AI research team was able to bypass a Convolutional Neural Network based botnet Domain Generation Algorithm (DGA) detector using a generic domain name mutation technique. It is a generic domain mutation technique which can evade most ML-based DGA detection modules. The generic mutation technique evades most ML-based DGA detection modules and can be used to test the effectiveness and robustness of all DGA detection methods developed by security companies in the industry before they are deployed to the production environment.
    Risk domain
    Security
    SEP view
    S0403: Adversarial Example
    Lifecycle
    L06: Deployment
    Affected artifacts
    References
    Botnet Domain Generation Algorithm (DGA) Detection Evasion: https://atlas.mitre.org/studies/AML.CS0001
    Yu, Bin, Jie Pan, Jiaming Hu, Anderson Nascimento, and Martine De Cock. "Character level based detection of DGA domain names." In 2018 International Joint Conference on Neural Networks (IJCNN), pp. 1-8. IEEE, 2018: http://faculty.washington.edu/mdecock/papers/byu2…
    Degas source code: https://github.com/matthoffman/degas

    {
      "affects": {
        "artifacts": [
          {
            "name": "Palo Alto Networks ML-based DGA detection module",
            "type": "System"
          }
        ],
        "deployer": [
          "Palo Alto Networks ML-based DGA detection module"
        ],
        "developer": []
      },
      "credit": null,
      "data_type": "AVID",
      "data_version": "0.2",
      "description": {
        "lang": "eng",
        "value": "The Palo Alto Networks Security AI research team was able to bypass a Convolutional Neural Network based botnet Domain Generation Algorithm (DGA) detector using a generic domain name mutation technique.\nIt is a generic domain mutation technique which can evade most ML-based DGA detection modules.\nThe generic mutation technique evades most ML-based DGA detection modules DGA and can be used to test the effectiveness and robustness of all DGA detection methods developed by security companies in the industry before they is deployed to the production environment."
      },
      "impact": {
        "avid": {
          "lifecycle_view": [
            "L06: Deployment"
          ],
          "risk_domain": [
            "Security"
          ],
          "sep_view": [
            "S0403: Adversarial Example"
          ],
          "taxonomy_version": "0.2"
        }
      },
      "last_modified_date": "2023-03-31",
      "metadata": {
        "vuln_id": "AVID-2023-V002"
      },
      "problemtype": {
        "classof": "ATLAS Case Study",
        "description": {
          "lang": "eng",
          "value": "Botnet Domain Generation Algorithm (DGA) Detection Evasion"
        },
        "type": "Advisory"
      },
      "published_date": "2023-03-31",
      "references": [
        {
          "label": "Botnet Domain Generation Algorithm (DGA) Detection Evasion",
          "type": "source",
          "url": "https://atlas.mitre.org/studies/AML.CS0001"
        },
        {
          "label": "Yu, Bin, Jie Pan, Jiaming Hu, Anderson Nascimento, and Martine De Cock.  \"Character level based detection of DGA domain names.\" In 2018 International Joint Conference on Neural Networks (IJCNN), pp. 1-8. IEEE, 2018.",
          "type": "source",
          "url": "http://faculty.washington.edu/mdecock/papers/byu2018a.pdf"
        },
        {
          "label": "Degas source code",
          "type": "source",
          "url": "https://github.com/matthoffman/degas"
        }
      ],
      "reports": null
    }