README.md

---
title: DGA Domain Classifier
emoji: 🔍
colorFrom: red
colorTo: blue
sdk: gradio
sdk_version: 4.44.0
app_file: app.py
pinned: false
license: mit
---

# DGA Domain Classifier

Interactive demo for detecting DGA (Domain Generation Algorithm) domains using a transformer-based model.

**Model**: [ccss17/dga-transformer-encoder](https://huggingface.co/ccss17/dga-transformer-encoder)

## What does this do?

This app classifies domain names as either:
- ✅ **Legitimate**: Normal domains (e.g., google.com, github.com)
- 🚨 **DGA (Malicious)**: Algorithmically-generated domains used by malware (e.g., xjkd8f2h.com)

## Features

- Single domain classification with confidence scores
- Batch prediction for multiple domains
- Visual feedback with color-coded results
- 96.78% accuracy on test set
- <1ms inference time per domain

## How to use

1. Enter a domain name (without http:// or paths)
2. Click "Classify Domain"
3. See the prediction and confidence score

Try these examples:
- **Legitimate**: `google.com`, `github.com`, `stackoverflow.com`
- **Malicious DGA**: `xjkd8f2h.com`, `qwfp93nx.net`, `h4fk29fd.org`

## About DGAs

Domain Generation Algorithms (DGAs) are used by malware to generate pseudo-random domain names for C2 (command-and-control) communication. This makes it harder for security systems to block malicious traffic using traditional blacklists.

## Technical Details

- **Architecture**: Custom Transformer Encoder (4 layers, 256 dim, 8 heads)
- **Parameters**: 3.2M
- **Training Data**: ExtraHop DGA dataset (500K samples)
- **Framework**: PyTorch + HuggingFace Transformers
- **Model Files**: This Space includes the custom model code (`model.py`, `charset.py`) to enable loading the custom architecture

---

**Built with ❤️ using PyTorch, HuggingFace, and Gradio**