Acquire, Adapt, And Anticipate: Continuous Learning To Block Malicious Domains

We present an automated learning system that continuously gathers domain data from open repositories, develops a deep learning model, uses the model to make detections, publishes unreported malicious domains, leverages threat intelligence to label the detected domains, and periodically updates the detection models. The results presented in this paper show that the system not only extends the detection coverage of threat intelligence feeds, but also that it reduces the delay in detection. We also leverage deep learning models to generate new, unregistered domains that are likely to be used by attackers in the future.