摘要
Domain Flux僵尸网络域名多用于僵尸网络的命令控制信道中,因此检测Domain Flux僵尸网络域名对僵尸网络的检测有重要意义。目前Domain Flux僵尸网络域名的检测方法存在较多的问题,如资源消耗多、检测精确率不高等。针对这些问题,文章提出了一种基于加权支持向量机的Domain Flux僵尸网络域名检测方法。通过分析Domain Flux僵尸网络域名和正常域名的区别,提取出数十种域名特征用于区分正常域名和Domain Flux僵尸网络域名;为了使每种特征发挥最大的区分效果,通过信息增益比来计算每种特征的权重值并对特征进行加权;使用支持向量机算法对加权后的特征数据集进行训练,获得检测模型。实验表明,该方法有效地提高了Domain Flux僵尸网络域名的检测准确率,可以较好的识别Domain Flux僵尸网络域名。
Domain Flux botnet domain names are mostly used in botnet command control channels,so detection of Domain Flux botnet domain names is very important for botnet detection.There are many problems in the detection methods of Domain Flux botnet domain names at present.For example,resource consumption is high and detection accuracy is not high.To solve these problems,this paper proposes a Domain Flux botnet domain name detection method based on weighted support vector machine.By analyzing the difference between Domain Flux botnet domain name and traditional domain name,dozens of domain name features are extracted to distinguish normal domain name and Domain Flux botnet domain name.In order to maximize the distinguishing effect of each feature,the weights of each feature are calculated by the information gain ratio and weighted by the feature.The SVM algorithm is trained on the weighted feature data set to obtain the detection model.Experiments show that this method effectively improves the detection accuracy of Domain Flux botnet domain names,and can better identify Domain Flux botnet domain names.
作者
宋金伟
杨进
李涛
SONG Jinwei;YANG Jin;LI Tao(College of Computer Science,Sichuan University,Chengdu Sichuan 610065,China)
出处
《信息网络安全》
CSCD
北大核心
2018年第12期66-71,共6页
Netinfo Security
基金
国家重点研发计划[2016yfb0800604
2016yfb0800605]
国家自然科学基金[61572334
U1736212]
四川省重点研发项目[2018GZ0183]
