域名生成算法检测技术综述

Survey of Detection Techniques for Domain Generation Algorithm

C&C服务器是网络攻击者用于控制僵尸主机的中间服务器,在僵尸网络中处于核心位置。为增强C&C服务器的隐蔽性,网络攻击者使用域名生成算法来隐藏C&C服务器地址。近年来,域名生成算法检测技术作为检测僵尸网络的重要手段,已经成为一个研究热点。首先,介绍了当前网络安全的发展态势和僵尸网络的拓扑结构。其次,介绍了域名生成算法和相关数据集。接着,介绍了域名生成算法检测技术的分类,并对这些检测技术进行总结综述。最后,探讨了现阶段域名生成算法检测技术存在的问题,并对未来研究方向进行了展望。

The C&C server is an intermediate server used by cyber attackers to control bots,and plays a key role in botnet.In order to enhance the concealment of the C&C server,cyber attackers use domain generation algorithms to hide the IP address of C&C server.In recent years,domain generation algorithm detection technology,as an important means of detecting botnets,has become a research hotspot.This paper first introduces the current development trend of cyber security and the topological structure of botnets.Secondly,the domain generation algorithm and the related dataset are introduced.Then,the classification of domain generation algorithm detection techniques is introduced,and these detection techniques are summarized.Finally,the pro-blems existing in the domain generation algorithm detection technology at the present stage are discussed,and the future research directions are prospected.