Computer Science, 2019, Vol. 46, Issue (5): 111-115. doi: 10.11896/j.issn.1002-137X.2019.05.017

• Information Security •

Comparison of DGA Domain Detection Models Using Deep Learning

PEI Lan-zhen1,2, ZHAO Ying-jun1, WANG Zhe1, LUO Yun-qian2

  1. School of Air and Missile Defense, Air Force Engineering University, Xi'an 710051, China
  2. Army 95899 of PLA, Beijing 100085, China
  • Received: 2018-04-17 Revised: 2018-06-29 Published: 2019-05-15
  • About the authors: PEI Lan-zhen (born 1982), female, PhD candidate, engineer; main research interests: operational application and support of equipment, software testing; E-mail: peilanzhen2018@163.com. ZHAO Ying-jun (born 1966), male, PhD, professor, doctoral supervisor; main research interest: operational application and support of equipment; E-mail: zhaoyingjun2018@163.com (corresponding author). WANG Zhe (born 1985), male, PhD candidate, lecturer; main research interest: operational use and support of equipment. LUO Yun-qian (born 1981), male, postdoctoral researcher, engineer, CCF member; main research interest: cyberspace security.
  • Funding: Supported by the military-wide postgraduate research project in military science (2014JY514).

Abstract: To address the difficulty of detecting DGA domain names, this paper builds a character-level DGA domain detection model based on deep learning. The model consists of a character embedding layer, a feature detection layer and a classification prediction layer. The character embedding layer encodes the input domain name numerically; the feature detection layer uses a deep learning model to extract features automatically; the classification prediction layer uses a fully connected network for classification prediction. To select the optimal feature extraction model, the paper compares LSTM and GRU models that use the Bidirectional, Stack and Attention mechanisms, CNN models, and models that combine CNN with LSTM and with GRU respectively. The results show that, compared with the LSTM and GRU models, the LSTM and GRU models using the Stack mechanism and the forward Attention mechanism combined with the Bidirectional mechanism, the CNN model, and the models combining CNN with LSTM and GRU improve the detection effect, while the DGA domain detection model built by combining CNN with Bi-GRU obtains the optimum detection effect.

Key words: Convolutional neural network, Cyberspace security, Dynamic domain generation algorithms, Deep learning, Gated recurrent unit, Long short-term memory

CLC number: TP393.08