
DGA Domains Detection Based on Artificial and Depth Features (cited by: 7)
Abstract: Many malware families use domain generation algorithms (DGAs) to generate large numbers of pseudo-random domain names, then attempt to connect to their C&C (command and control) servers in order to launch attacks. Existing detection methods fall into two groups. The first constructs artificial (hand-built) features based on the randomness of DGA domain names and uses machine learning to learn a classification pattern; this approach suffers from time-consuming, labor-intensive feature engineering and a high false alarm rate. The second uses deep learning techniques such as LSTM and GRU to learn the sequence relationships in DGA domain names; this approach has low detection accuracy on DGA domain names with low randomness. This paper proposes a scheme for extracting generic domain name features, builds a data set covering 41 DGA domain name families, and designs a detection algorithm based on artificial features and depth features, which improves the model's generalization ability and increases the number of DGA domain families it can identify. Experimental results show that the DGA domain name detection algorithm based on artificial and depth features achieves higher accuracy and better generalization ability than traditional deep learning methods.
Authors: HU Peng-cheng (胡鹏程); DIAO Li-li (刁力力); YE Hua (叶桦); YANG Yan-lan (仰燕兰) (School of Automation, Southeast University, Nanjing 210096, China; Core Technology-Research, Trend Micro China Development Center, Nanjing 210012, China)
Source: Computer Science (《计算机科学》), indexed in CSCD and the Peking University Core Journals list, 2020, Issue 9, pp. 311-317 (7 pages)
Keywords: Domain generation algorithms; Domain name detection; Long short-term memory; Feature engineering