摘要
随机域名是指由随机域名算法生成的域名,被针对计算机网络系统的恶意软件广泛使用,随机域名的检测任务是域名系统过滤攻击流量的基础性工作.传统方法对随机域名的检测效果不理想,精确率与召回率较低,导致过滤攻击流量时会出现较多的误判.本文提出和实现了一种基于GRU型循环神经网络的随机域名检测模型,该模型首先将域名转换成向量,然后借助GRU自动学习域名向量的特征,最后通过神经网络计算分类.相比于传统方法,该模型不再需要人工提取特征的过程,减少了特征提取的时间.且经过算法生成数据与真实场景数据的实验验证,该方法在随机域名检测任务中相比传统模型表现更加出色.
Random domain names refer to the names generated by domain generation algorithms, which are widely used by the malware of the computer network system. The detection of random domain names is the basic work of the traffic filtering operation of the domain name system. The traditional method of detecting random domain name is not ideal and the precision and recall are low which will lead to erroneous judgement in attack traffic filtering. In this paper, the random names detection model are built based on recurrent neural network with gated recurrent unit. In this model, domain names are converted to vectors at first, then GRU are adopted to learn features automatically and which will be taken by the neural network to compute the class scores. Compared to traditional methods, this method is able to extract features without human help and which will reduce the time cost of feature extraction. This method performs better in the experiments of the algorithm generated data and the real world data than traditional models.
作者
陈立国
张跃冬
耿光刚
延志伟
CHEN Li-Guo;ZHANG Yue-Dong;GENG Guang-Gang;YAN Zhi-Wei(Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China;University of Chinese Academy of Sciences, Beijing 100049, China;China Internet Network Information Center, Beijing 100190, China)
出处
《计算机系统应用》
2018年第8期198-202,共5页
Computer Systems & Applications
基金
国家自然科学基金(61375039)~~
关键词
随机域名
GRU
循环神经网络
域名系统
流量过滤
random names
GRU
recurrent neural network
domain name system
traffic filtering