Abstract:
Domain generation algorithms (DGAs) are widely used in modern botnets to generate large numbers of domain names for covert command and control (C&C) communications. In recent years, researchers have proposed many machine learning-based approaches to detect DGA domains. Nevertheless, these approaches are somewhat ineffective against adversarial attacks. This paper proposes a DGA based on character-level replacement (CLR-DGA), which applies character-level replacement under certain conditions to generate adversarial domains from benign domain names and evade detection without any knowledge of the DGA detector. The experiment used five deep learning classifiers to test classification performance on six types of DGA domain names, including CLR-DGA. Experimental results demonstrate that the domain names generated by CLR-DGA are the most difficult for the classifiers to detect.