Abstract
As the blockchain domain name system (BDNS) matures, more and more hackers apply blockchain domain names (BDNs) to botnets, and network security faces serious threats. To detect malicious BDNs more efficiently, we propose a novel method. Through in-depth analysis of the resource records and traffic behavior of malicious BDNs, we extract features of domain names from multiple dimensions and normalize them, then input the feature vectors into a convolutional neural network to train a classification model that detects malicious BDNs. The experimental results show that, compared with existing methods, our method achieves better performance in detecting malicious BDNs, with an F1_Score of 0.9883 and an AUC of 0.9896, and can discover more unknown malicious BDNs.
Authors
王中华
徐杰
韩健
臧天宁
Wang Zhonghua; Xu Jie; Han Jian; Zang Tianning (National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029; China Academy of Industrial Internet, Beijing 100102; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093)
Source
《信息安全研究》
2022, No. 8, pp. 760-767 (8 pages)
Journal of Information Security Research
Funding
National Key Research and Development Program of China (2016QY05X1002).
Keywords
malicious blockchain domain name
convolutional neural network
botnet
deep learning
domain name system