
DGA-Based Botnet Detection Toward Imbalanced Multiclass Learning (cited by: 4)

Abstract: Botnets based on the Domain Generation Algorithm (DGA) mechanism pose great challenges to the main current detection methods because of their strong concealment and robustness. However, the complexity of the DGA family and the imbalance of samples continue to impede research on DGA detection. In the existing work, the sample size of each DGA family is regarded as the most important determinant of the resampling proportion; thus, differences in the characteristics of various samples are ignored, and the optimal resampling effect is not achieved. In this paper, a Long Short-Term Memory-based Property and Quantity Dependent Optimization (LSTM.PQDO) method is proposed. This method takes advantage of LSTM to automatically mine the comprehensive features of DGA domain names. It iterates the resampling proportion with the optimal solution based on a comprehensive consideration of the original number and characteristics of the samples to heuristically search for a better solution around the initial solution in the right direction; thus, dynamic optimization of the resampling proportion is realized. The experimental results show that the LSTM.PQDO method can achieve better performance compared with existing models to overcome the difficulties of unbalanced datasets; moreover, it can function as a reference for sample resampling tasks in similar scenarios.
Source: Tsinghua Science and Technology (SCIE, EI, CAS, CSCD), 2021, Issue 4, pp. 387-402, 16 pages in total. Journal of Tsinghua University (Natural Science Edition) (English Edition)
Funding: partially funded by the National Natural Science Foundation of China (No. 61272447), the National Entrepreneurship & Innovation Demonstration Base of China (No. C700011), and the Key Research & Development Project of Sichuan Province of China (No. 2018G20100).