Abstract
Botnets widely use DGA (Domain Generation Algorithm) techniques to evade network security detection, so the detection of malicious DGA domain names has attracted much attention. To address the low detection rate and heavy computation of DGA domain name detection, a machine-learning-based domain name detection method is adopted. On top of syntactic features and N-gram model features, hidden Markov model features are added as distinguishing features to further improve the detection rate, and the N-gram model features are simply optimized to reduce computational complexity. The decision tree algorithm is then compared with the support vector machine algorithm, and the support vector machine (SVM) is selected for model training, with the aim of providing a new approach to malicious domain name detection.
Authors
张建辉
孙皓月
赵万旗
ZHANG Jian-hui; SUN Hao-yue; ZHAO Wan-qi (Hebei Institute of Architecture and Engineering, Zhangjiakou, Hebei 075000)
Source
《河北建筑工程学院学报》
CAS
2021, Issue 4, pp. 160-164, 180 (6 pages in total)
Journal of Hebei Institute of Architecture and Civil Engineering
Keywords
domain detection
hidden Markov model
support vector machine algorithm