Abstract
DGA (domain generation algorithm) domain names are a class of domain names generated by specific algorithms and used to communicate with malicious C&C servers. Detecting DGA domain names has long been a research hotspot. A DGA based on the PCFG model has recently been proposed in the literature. When tested against existing DGA detection methods, its resistance to detection is very pronounced, because its domain names are generated from legitimate domain names and share their statistical characteristics. Based on this, this paper proposes M-LSTM, a detection model that combines a neural network with a self-attention mechanism. It uses Bi-LSTM for character sequence encoding and preliminary feature extraction, combined with a multi-head attention mechanism for deep feature extraction. The experimental results show that the algorithm performs excellently in detecting domain names based on the PCFG model.
Authors
HUANG Si-qi (黄偲琪); ZHANG Dong-mei (张冬梅); YAN Bo (闫博)
School of Cyberspace Security, Beijing University of Posts and Telecommunication, Beijing, 100876
Source
Software (《软件》), 2019, Issue 2, pp. 83-90 (8 pages in total)
Keywords
Domain name detection
Multi-head attention mechanism
PCFG model