Research and Application of DGA Detection Algorithm Based on LSTM
(基于LSTM的DGA域名检测算法研究与应用)
Abstract: With the rapid development of Internet technology, network services now underpin every kind of industry. The number of domain names grows daily, and detecting malicious domains has become both harder and more important. Malicious services routinely use domain generation algorithms (DGAs) to evade domain-based detection; DGA domains are common in botnets and APT campaigns. DGA domains easily bypass traditional firewalls and intrusion detection devices, and existing detection methods are slow and of limited practical use, so this paper applies deep learning and designs a DGA domain detection method based on the Long Short-Term Memory (LSTM) model. The model distinguishes abnormal domain names within large volumes of domain samples, letting a machine take over this repetitive work. In the reported experiments the method reaches a detection accuracy of 99.1% or above, showing it to be effective and feasible. Combined with a traffic probe, it is used to build a real-time monitoring system that accurately detects DGA domains in live traffic and improves cyberspace security.
Author: 查伟金 (ZHA Wei-jin), Government and Enterprise Client Department, China Telecom Corporation Limited Jiujiang Branch, Jiujiang 332000, China
Source: Computer Knowledge and Technology (电脑知识与技术), 2021, No. 22, pp. 121-124 (4 pages)
Keywords: domain generation algorithm; botnet; deep learning; LSTM; cyberspace security
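The abstract describes a character-level classifier over domain strings fed by a traffic probe, but the LSTM itself and its training data are not on this page. The following added example (not the paper's code) shows the pipeline that surrounds such a model: parsing constructed DNS query log lines, isolating the registrable label a DGA actually generates, the fixed-width integer encoding an LSTM embedding layer would consume, and a character-bigram language model trained on a constructed benign list that stands in for the paper's LSTM as the scorer. The log format, the two-part suffix table, the benign list, the smoothing constant and the threshold are all assumptions made for the example.

```python
import math
import re
from collections import Counter

# Character alphabet an LSTM embedding layer would index. Index 0 is reserved for
# padding and characters outside the alphabet map to UNK, so domains of different
# lengths can be batched as equal-width sequences. MAX_LEN is an assumed width.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-."
CHAR_TO_IDX = {c: i + 1 for i, c in enumerate(ALPHABET)}
UNK = len(ALPHABET) + 1
MAX_LEN = 40

# Constructed benign second-level labels standing in for a top-sites list.
BENIGN_LABELS = [
    "google", "facebook", "youtube", "wikipedia", "amazon", "twitter", "microsoft",
    "apple", "netflix", "github", "stackoverflow", "reddit", "linkedin", "instagram",
    "cloudflare", "mozilla", "python", "ubuntu", "oracle", "adobe", "yahoo", "baidu",
    "taobao", "tencent", "alibaba", "weibo", "zoom", "dropbox", "slack", "spotify",
]
# Constructed stand-in for the Public Suffix List; production code should use the full list.
TWO_PART_SUFFIXES = {"co.uk", "org.uk", "com.cn", "net.cn"}
# Assumed decision threshold on the mean bigram log-probability; calibrate on held-out data.
THRESHOLD = -3.0
SMOOTHING = 0.1  # add-k smoothing: unseen bigrams get a small but non-zero probability


def encode(domain: str, max_len: int = MAX_LEN) -> list:
    """Map a domain to a fixed-width integer sequence, the input an LSTM would consume."""
    idx = [CHAR_TO_IDX.get(c, UNK) for c in domain.lower()[:max_len]]
    return idx + [0] * (max_len - len(idx))


def registered_label(fqdn: str) -> str:
    """Return the label a DGA generates: the one immediately left of the public suffix."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_PART_SUFFIXES:
        return labels[-3]
    return labels[-2] if len(labels) >= 2 else labels[0]


def train_bigram_model(labels) -> tuple:
    """Count character bigrams in benign labels; returns (bigram counts, previous-char counts)."""
    bigrams, prev = Counter(), Counter()
    for label in labels:
        for a, b in zip(label, label[1:]):
            bigrams[(a, b)] += 1
            prev[a] += 1
    return bigrams, prev


def score_label(label: str, model) -> float:
    """Mean log P(next char | previous char) under the benign model; higher means more benign."""
    bigrams, prev = model
    if len(label) < 2:
        return 0.0  # nothing to score; one-character labels are left to other checks
    total = 0.0
    for a, b in zip(label, label[1:]):
        p = (bigrams[(a, b)] + SMOOTHING) / (prev[a] + SMOOTHING * len(ALPHABET))
        total += math.log(p)
    return total / (len(label) - 1)


QNAME_RE = re.compile(r"qname=(\S+)")


def scan_log(lines, model, threshold: float = THRESHOLD) -> list:
    """Return (fqdn, label, score) for every query whose label scores below the threshold."""
    flagged = []
    for line in lines:
        m = QNAME_RE.search(line)
        if not m:
            continue  # not a query record in the assumed probe format
        fqdn = m.group(1).rstrip(".")
        if fqdn.endswith((".in-addr.arpa", ".ip6.arpa")):
            continue  # reverse lookups carry address octets, not a generated label
        label = registered_label(fqdn)
        s = score_label(label, model)
        if s < threshold:
            flagged.append((fqdn, label, round(s, 3)))
    return flagged


# Constructed DNS query log lines in an assumed probe output format.
SAMPLE_LOG = [
    "2021-09-01T10:00:01Z client=10.0.0.5 qtype=A qname=www.wikipedia.org.",
    "2021-09-01T10:00:02Z client=10.0.0.5 qtype=AAAA qname=mail.reddit.com.",
    "2021-09-01T10:00:03Z client=10.0.0.9 qtype=A qname=xqzjvkwqzxjqkvz.com.",
    "2021-09-01T10:00:04Z client=10.0.0.9 qtype=A qname=q7x3jz9v2k.co.uk.",
    "2021-09-01T10:00:05Z client=10.0.0.9 qtype=PTR qname=5.0.0.10.in-addr.arpa.",
    "2021-09-01T10:00:06Z client=10.0.0.9 response NOERROR",
]

MODEL = train_bigram_model(BENIGN_LABELS)

if __name__ == "__main__":
    print("LSTM input for abc.com:", encode("abc.com"))
    for hit in scan_log(SAMPLE_LOG, MODEL):
        print("DGA-like query:", hit)
```

The bigram scorer is only a baseline: it rewards pronounceable English-like labels and will misjudge legitimate short or non-English names, which is exactly the gap a trained character-level LSTM is meant to close. Two practical checks survive either model: score the registrable label rather than the full query name (subdomains such as `www` or `mail` say nothing about a DGA), and skip reverse-lookup names, whose octets would otherwise look random.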
