Abstract: To address the problem of high concealment of malicious domain names generated by domain generation algorithms (DGAs) and low accuracy of existing methods in multi-classification of malicious domain names, a DGA domain name detection method based on Transformer and multi-feature fusion is proposed. The method uses the Transformer encoder to capture the global information of domain name characters, and obtains long-distance contextual features at different granularities through a parallel deep convolutional neural network (DCNN). At the same time, BiLSTM  and self-attention mechanism are introduced to combine shallow CNN to obtain shallow spatiotemporal features. Finally, the long-distance context features and shallow spatiotemporal features are combined for domain name detection. The experimental results show that the proposed method has better performance in malicious domain name detection. Compared with CNN, LSTM, L-PCAL, and SW-DRN, the proposed method improves the accuracy by 1.72%, 1.10%, 0.75%, and 0.34% in the binary classification experiment and by 1.75%, 1.29%, 0.88%, and 0.83% in the multi-classification experiment.

Key words: domain generation algorithm (DGA), Transformer model, deep convolutional neural network (DCNN), Bidirectional long short-term memory network, self-attention mechanism ,