摘要
随着物联网智能设备的普及,所带来的社会安全隐患也越来越多。正如2016年爆发的Mirai恶意软件,它正是由物联网智能设备中漏洞的入侵和渗透形成的一个大型僵尸网络。其变种内置的域名生成算法大大增强了自身的健壮性,极大程度上延长了其自身的生命周期。域名系统作为互联网重要资源,也带来了很大的安全威胁。文中分析研究了现有的恶意域名识别技术,并提出一种基于信誉评分体制的全新检测系统。选取了基于域名维度与IP维度的特征集,同时设计并实现了异常值自动评分算法,算法可以自动选择最可疑的恶意域名事件且无需已标记数据集。实验结果表明,将文中采用的自动评分技术与标准异常检测技术相比较,误报率低至0.003%,该系统的准确率比标准检测技术平均提升5~10倍。
With the popularization of Internet of things devices,there exists more and more security risks.Like the Mirai malware outbreak in 2016,it is a large Botnet created by the intrusion and penetration of vulnerabilities in smart devices in the Internet of things.The Mirai variant built-in domain name generation algorithm greatly enhances its robustness and extends its life cycle.As an important resource of Internet,DNS(domain name system)also brings great security threat.We analyze the existing malicious domain name recognition technology,and propose a new detection system based on the credit rating system.The feature set based on domain name dimension and IP dimension is selected,and the outliers automatic scoring algorithm is designed and implemented,which can automatically select the most suspect malicious domain name events through unmarked datasets.The experiment shows that compared with the standard abnormal detection technology,the false alarm rate of the proposed automatic scoring technology is as low as 0.003%.The accuracy of the system is 5~10 times higher than that of the standard detection technology.
作者
李雪妍
陈伟
杜俊雄
LI Xue-yan;CHEN Wei;DU Jun-xiong(School of Computer,Nanjing University of Posts and Telecommunications,Nanjing 210023,China)
出处
《计算机技术与发展》
2019年第8期113-118,共6页
Computer Technology and Development
基金
国家自然科学基金(61602258,61702283)
