Abstract
As a fundamental service of the internet, the domain name system (DNS) is inevitably abused by malicious actors. Building on a study of botnets and their use of domain generation algorithms (DGAs), and a comparison of the current major malicious-domain detection techniques, a malicious domain detection framework based on a classifier combination is proposed. The framework uses a support vector machine (SVM) as its main classifier and fuses it with a naive Bayes classifier (NBC) model and other statistical features. Experimental results show that the framework performs well in offline training time and in its ability to detect previously unknown DGA malicious domain families, and can satisfy the requirements of an internet service provider (ISP) for detecting and analysing malicious domains in a large carrier network.
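The abstract names the three ingredients of the framework (an SVM main classifier, a naive Bayes model, and lexical statistical features) but not how they are wired together. The following is an added illustration, not the authors' code or data: a character-bigram naive Bayes classifier whose log-odds is fed as one extra feature, alongside entropy, vowel ratio, digit ratio and longest-consonant-run statistics, into a linear classifier. The "fuse NB output as a stacked feature" wiring, the feature scaling constants, and the training sample (well-known second-level labels versus consonant-heavy strings standing in for DGA output) are all assumptions made for the example. The SVM is replaced by hinge-loss SGD without a regularisation term (a margin perceptron), which converges on linearly separable data and keeps the example free of third-party libraries; a production system would use a real SVM implementation.

```python
import math
from collections import Counter

VOWELS = set("aeiou")

# Constructed training sample for illustration only (not the paper's data set).
BENIGN = ["google", "facebook", "youtube", "wikipedia", "amazon",
          "twitter", "microsoft", "linkedin", "netflix", "apple"]
DGA = ["xkqjzvbnwpd", "qzwlxhvtfrmk", "pvjdkxzqwb", "hjkqzxvwnt",
       "tjxqwaybzm", "wrkzpfvxqd", "mnbvcxzlkj", "zqxjkvbwpl",
       "kxvzjqwnbd", "gfxqzptvwk"]


def second_level_label(domain):
    """'www.example.com' -> 'example'. Public-suffix handling (co.uk) is omitted."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def longest_consonant_run(s):
    best = run = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def statistical_features(label):
    """Lexical statistics of one label, each scaled roughly into [0, 1]."""
    n = len(label)
    return [
        n / 32.0,                               # label length
        shannon_entropy(label) / 5.0,           # character entropy
        sum(ch in VOWELS for ch in label) / n,  # vowel ratio
        sum(ch.isdigit() for ch in label) / n,  # digit ratio
        longest_consonant_run(label) / n,       # longest consonant run
    ]


class BigramNB:
    """Naive Bayes over character bigrams with add-one smoothing."""

    def __init__(self):
        self.counts = {0: Counter(), 1: Counter()}
        self.totals = {0: 0, 1: 0}
        self.vocab = set()

    @staticmethod
    def bigrams(label):
        return [label[i:i + 2] for i in range(len(label) - 1)]

    def fit(self, labels, ys):
        for label, y in zip(labels, ys):
            for bg in self.bigrams(label):
                self.counts[y][bg] += 1
                self.totals[y] += 1
                self.vocab.add(bg)

    def log_odds(self, label):
        """Sum over bigrams of log P(bg|DGA) - log P(bg|benign); > 0 favours DGA."""
        v = len(self.vocab) + 1
        score = 0.0
        for bg in self.bigrams(label):
            p_dga = (self.counts[1][bg] + 1) / (self.totals[1] + v)
            p_ben = (self.counts[0][bg] + 1) / (self.totals[0] + v)
            score += math.log(p_dga / p_ben)
        return score


def feature_vector(nb, label):
    """Statistical features plus the NB log-odds (averaged per bigram, squashed)."""
    nb_score = math.tanh(nb.log_odds(label) / max(len(label) - 1, 1))
    return statistical_features(label) + [nb_score]


def train_linear_svm(X, ys, epochs=1000, lr=0.1):
    """Hinge-loss SGD without regularisation (margin perceptron). Stops once every
    training point lies outside the margin; guaranteed for separable data."""
    w = [0.0] * len(X[0])
    b = 0.0
    for _ in range(epochs):
        mistakes = 0
        for x, y in zip(X, ys):
            t = 1 if y == 1 else -1
            if t * (sum(wi * xi for wi, xi in zip(w, x)) + b) < 1:
                w = [wi + lr * t * xi for wi, xi in zip(w, x)]
                b += lr * t
                mistakes += 1
        if mistakes == 0:
            break
    return w, b


class CombinedDetector:
    """NB fitted first, its output stacked into the linear main classifier."""

    def fit(self, benign, dga):
        labels = benign + dga
        ys = [0] * len(benign) + [1] * len(dga)
        self.nb = BigramNB()
        self.nb.fit(labels, ys)
        X = [feature_vector(self.nb, lab) for lab in labels]
        self.w, self.b = train_linear_svm(X, ys)
        return self

    def predict(self, domain):
        x = feature_vector(self.nb, second_level_label(domain))
        return 1 if sum(wi * xi for wi, xi in zip(self.w, x)) + self.b >= 0 else 0


if __name__ == "__main__":
    det = CombinedDetector().fit(BENIGN, DGA)
    for d in ["www.google.com", "xkqjzvbnwpd.net", "tjxqwaybzm.org"]:
        print(d, "DGA" if det.predict(d) else "benign")
```

Because the NB model is trained on the same labels that then feed the main classifier, its stacked feature is optimistic on the training set; in practice the NB is fitted on a separate fold, and the lexical statistics are what carry over to DGA families absent from training, which is the generalisation property the abstract emphasises.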
Authors
SHENG Jiantao (盛剑涛)
CHEN Maofei (陈茂飞)
LIU Dongxin (刘东鑫)
WANG Laifu (汪来富)
SHI Guoshui (史国水)
JIN Huamin (金华敏)
Research Institute of China Telecom Co., Ltd., Guangzhou 510630, China
Source
Telecommunications Science (《电信科学》), 2020, No. 5, pp. 47-55 (9 pages)
Keywords
malicious domain name
botnet
machine learning
deep learning
classifier combination