DGA domain name detection based on eXpose and BiLSTM with multi-head Self-Attention
Aiming at the problem that subdomain name conflicts affect the accuracy of the current DGA detection algorithm,this paper first studies the relationship between domain name length distribution and the probability of conflicts,and proposes a solution to domain name conflicts under different lengths.In terms of the model,for DGA domain detection,a method based on an improved eXpose and a BiLSTM model with integrated multi-head self-attention is proposed.The proposed method combines the improved eXpose convolutional network and the BiLSTM network with multi-head attention,and introduces a deep branch on the basis of the original eXpose model,making the model more comprehensive in the scale of feature extraction.At the same time,the domain name can be extracted through the BiLSTM model sequence bidirectional contextual information.The comparative experiment on the public data set verifies the effectiveness of this method for extracting complete domain names from ultra-short subdomain names.Compared with the existing methods,the detection accuracy and other evaluation indicators of the model in this paper have been effectively improved.
domain name collisionultra-short subdomain nameCNNBiLSTMmulti-head attention mechanism
万方数据
维普
