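Abstract
In recent years, network security problems have emerged one after another, and botnets are one of the major causes of network paralysis. Botnets use domain generation algorithms (DGA) to generate large numbers of malicious domain names for network attacks, which threatens network security. Existing DGA domain names fall mainly into dictionary-based and character-based types. Traditional deep learning methods cannot detect both types of DGA domain names at the same time and, in particular, cannot detect dictionary-based DGA domain names. To address this problem, this paper proposes an improved CNN-LSTM algorithm for DGA domain name detection, which combines a convolutional neural network (CNN), an attention mechanism, and a bidirectional long short-term memory network (BiLSTM) and can detect both types of DGA domain names. Finally, comparative experiments with different algorithms were carried out. The results show that, compared with other deep learning models, the algorithm improves the accuracy and F1 value of both binary and multi-class classification of DGA domain names. In the multi-class experiments, improving the loss function raised the detection rate for domain names with few samples.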
Network security problems have emerged one after another recently. The botnet is one of the important reasons for network paralysis. Botnets use the domain name generation algorithm (DGA) to generate a large number of malicious domain names for network attacks, which poses a threat to network security. The existing DGA domain names are mainly divided into dictionary-based and character-based domain names. The traditional detection method is not available for DGA domain name detection, especially for dictionary-based DGA domain name detection. An improved CNN-LSTM algorithm for DGA domain name detection was proposed in this work to detect both character-based and dictionary-based DGA domain names. The algorithm incorporated a convolutional neural network (CNN), the attention mechanism, and a bidirectional long short-term memory network (BiLSTM). Finally, a comparative experiment of different algorithms was carried out. The experimental results show that, compared with other deep learning algorithms, this algorithm improves the accuracy and F1 value of the binary classification and multi-classification of DGA domain names. In the multi-classification experiment, the detection rate of domain names with small sample data is improved by improving the loss function.
Authors
褚冰融
付海艳
刘梦
CHU Bingrong; FU Haiyan; LIU Meng (School of Information Science and Technology, Hainan Normal University, Haikou 571127, China)
Source
《海南师范大学学报(自然科学版)》
CAS
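2023, No. 3, pp. 237-248, 12 pages in total
Journal of Hainan Normal University (Natural Science)
Funding
National Natural Science Foundation of China project (62262019)
Hainan Provincial Natural Science Foundation projects (622RC675, 2019CXTD405).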
Keywords
DGA domain name
deep learning
malicious domain name detection
domain name detection algorithm
attention mechanism