Abstract
A malicious domain name detection method based on the Hidden Markov Model (HMM) is proposed. The characteristics of benign and malicious domain names in DNS communication are analyzed, and statistics on the attribute features are computed using the efficient computing power of the Spark big data processing platform. On this basis, malicious domain names are accurately classified using the Baum-Welch and Viterbi algorithms of the HMM. Experimental results show that, compared with the Random Forest (RF) model, the HMM achieves higher accuracy and recall in classifying malicious domain names.
Authors
白玲玲
宁振虎
薛菲
杨永丽
BAI Lingling; NING Zhenhu; XUE Fei; YANG Yongli (Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China; School of Information, Beijing Wuzi University, Beijing 101149, China)
Source
《计算机工程》
CAS
CSCD
PKU Core (北大核心)
2019, Issue 9, pp. 161-168 (8 pages)
Computer Engineering
Funding
Beijing Postdoctoral Research Funding Project (2017-22-030)
CCF-Venustech "Hongyan" Research Program (CCF-VenustechRP2017008)