Computer Science ›› 2023, Vol. 50 ›› Issue (12): 337-342. doi: 10.11896/jsjkx.221000179

• Information Security •

Domain-Flux Botnet Detection Method with Fusion of Character and Word Dual-channel

LI Xiaodong, SONG Yuanfeng, LI Yuqiang   

  1. Information Center, University of Electronic Science and Technology of China, Chengdu 611731, China
  • Received: 2022-10-23 Revised: 2023-03-11 Online: 2023-12-15 Published: 2023-12-07
  • About author: LI Xiaodong, born in 1982, postgraduate, engineer. Her main research interests include artificial intelligence, information security and software engineering.

Abstract: Domain-Flux is a technique that keeps a malicious botnet in operation by constantly changing the domain name of the botnet owner's command and control (C&C) server, which can effectively evade detection by network security devices. Aiming at the problem that existing detection methods do not extract information from Domain-Flux domain names comprehensively and cannot effectively capture the key classification features, this paper proposes a detection model based on the fusion of character and word dual channels. It extracts local and global features on the two channels using a convolutional neural network (CNN) and a bidirectional long short-term memory network (BiLSTM) respectively, which enriches the feature information of input domain names and improves classification performance. In the character vector channel, local spatial features are extracted for random-character domain names. In the root vector channel, an intra-class factor is introduced on the basis of the TF-IDF algorithm to weight root importance into the word vector, and then the temporal features before and after the combination sequence of domain names are extracted. Experimental results show that the detection accuracy of the model based on the fusion of character and word dual channels is improved by 7.12% and 5.86% compared with the single TextCNN or BiLSTM model. It also has higher precision for dictionary-based Domain-Flux detection.

Key words: Domain-Flux, Botnet, Term frequency-inverse document frequency, Convolutional neural network, Bidirectional long-term and short-term memory network

CLC Number: TP393
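An added illustration of the root-channel weighting the abstract describes; it is not the authors' code. The abstract does not give the intra-class factor's formula, so this assumes weight = tf × idf × (share of same-class domains containing the root); the root vocabulary, sample labels and function names are constructed for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed root vocabulary and sample labels (illustrative, not real indicators).
ROOTS = {"river", "stone", "table", "cloud", "shop", "mail", "news", "online"}
SAMPLES = [
    ("dga", "riverstonetable"), ("dga", "tablerivercloud"), ("dga", "stonerivershop"),
    ("benign", "onlineshop"), ("benign", "cloudmail"), ("benign", "newsonline"),
]

def segment(label, roots=ROOTS):
    """Greedy longest-match split of a domain label into known roots.
    Characters that match no root are emitted one at a time."""
    out, i = [], 0
    longest = max(map(len, roots))
    while i < len(label):
        for n in range(min(longest, len(label) - i), 0, -1):
            if label[i:i + n] in roots or n == 1:
                out.append(label[i:i + n])
                i += n
                break
    return out

def root_weights(samples):
    """Return {class: {root: tf * idf * icf}} (assumed formula, see lead-in)."""
    docs = [(cls, segment(label)) for cls, label in samples]
    df = Counter(r for _, toks in docs for r in set(toks))  # corpus-wide document frequency
    by_class = defaultdict(list)
    for cls, toks in docs:
        by_class[cls].append(toks)
    weights = {}
    for cls, cdocs in by_class.items():
        tf = Counter(r for toks in cdocs for r in toks)      # root counts inside the class
        total = sum(tf.values())
        df_c = Counter(r for toks in cdocs for r in set(toks))
        weights[cls] = {
            r: (tf[r] / total)                    # term frequency within the class
               * math.log(1 + len(docs) / df[r])  # inverse document frequency
               * (df_c[r] / len(cdocs))           # intra-class factor: share of class docs with r
            for r in tf
        }
    return weights

def top_roots(samples, cls, k=2):
    """Roots ranked by weight for one class (ties broken alphabetically)."""
    w = root_weights(samples)[cls]
    return sorted(w, key=lambda r: (-w[r], r))[:k]

if __name__ == "__main__":
    print(top_roots(SAMPLES, "dga"), top_roots(SAMPLES, "benign"))
```

On this constructed data, a root that also appears in benign names ("cloud") receives a lower weight in the "dga" class than roots concentrated in that class ("river", "stone").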