Improved algorithm for detection of the malicious domain name based on the convolutional neural network

Authors
Yang L. [1]
Liu G. [1,2]
Zhai J. [2]
Liu W. [1]
Bai H. [1]
Dai Y. [1,2]
Affiliations
[1] School of Automation, Nanjing University of Science & Technology, Nanjing
[2] School of Electronic & Information Engineering, Nanjing University of Information Science & Technology, Nanjing
Keywords
Convolutional neural network; Deep learning; Domain generation algorithms; Information security
DOI
10.19665/j.issn1001-2400.2020.01.006
Abstract
Existing detection methods are inefficient at detecting algorithmically generated malicious domain names, and their detection rate is especially low for several types of malicious domain names that are difficult to detect. To address this problem, an improved algorithm for detection of malicious domain names based on the convolutional neural network is proposed. Building on the existing convolutional neural network model, the algorithm adds convolutional branches to extract deeper character-level features, so that both shallow and deep character-level features of malicious domain names can be extracted and fused simultaneously. A focal loss function is introduced as the loss function to address the sample imbalance caused by difficulty and quantity, which improves the detection accuracy of hard-to-detect samples. The average detection accuracy of the improved algorithm for 20 types of malicious domain names is 97.62%, which is 0.94% higher than that of the original algorithm, and the detection accuracy of four hard-to-detect domain names is increased by 3.71%, 4.6%, 11.18% and 17.8%, respectively. Experimental results show that the improved algorithm can effectively improve the detection accuracy of malicious domain names, especially for some hard-to-detect domain names. © 2020, The Editorial Board of Journal of Xidian University. All rights reserved.
Pages: 37-43
Page count: 6