摘要
已有DGA检测方法已经获得了较高的检测精度,但在缩略域名上存在误报率高的问题。主要原因是缩略域名字符间随机性高,现有检测方法从随机性角度很难有效地区分缩略域名和DGA域名。在分析了缩略域名的字符特性后,基于自注意力机制实现了域名字符依赖性的检测;并采用LSTM改进了Transformer模型的编码方式,以更好地捕获域名中字符位置信息;基于Transformer模型构建了DGA域名检测方法(MHA)。实验结果表明,MHA可以有效地区分出DGA域名和缩略域名,得到了更高的精确率和更低的误报率。
Existing DGA detection methods have achieved high detection accuracy,but there is a problem of high false alarm rate in abbreviated domain names.The main reason is that the abbreviated domain names have high randomness among characters and it is difficult for the existing detection methods to distinguish abbreviated domain names from DGA domain names.After analyzing the character characteristics of the abbreviated domain names,the detection of domain name character dependence is realized based on self-attention mechanism.Then,LSTM is used to improve the encoding way of Transformer model to better capture the location information of characters in domain names.A DGA domain name detection method(MHA)is constructed based on Transformer model.Experimental results show that the algorithm can effectively distinguish DGA domain names from abbreviated domain names,and get higher accuracy and lower false alarm rate.
作者
张鑫
程华
房一泉
ZHANG Xin;CHENG Hua;FANG Yi-quan(School of Information Science and Engineering,East China University of Science and Technology,Shanghai 200237,China)
出处
《计算机工程与科学》
CSCD
北大核心
2020年第3期411-417,共7页
Computer Engineering & Science
基金
赛尔网络下一代互联网技术创新项目(NGII20170520)。
