基于字符和词特征融合的恶意域名检测
Malicious domain name detection based on feature fusion of character and word
赵宏 1申宋彦 1韩力毅 1吴喜川1
作者信息
- 1. 兰州理工大学计算机与通信学院,甘肃兰州 730050
- 折叠
摘要
针对现有恶意域名检测方法对域名生成算法(domain generation algorithm,DGA)随机产生的恶意域名检测性能不高,且对由随机单词组成的恶意域名检测效果较差的问题,提出一种基于字符和词特征融合的恶意域名检测算法(cha-racter and word network,CWNet).利用并行卷积神经网络分别提取域名中字符和词的特征;将两种特征进行拼接,构造成融合特征;利用Softmax函数实现合法域名与恶意域名的检测.实验结果表明,该算法可以提升对恶意域名的检测能力,对更具挑战性的恶意域名家族的检测准确率提升效果更为明显.
Abstract
Aiming at the problems that the existing malicious domain name detection methods do not have high performance in detecting the malicious domain names randomly generated using the DGA(domain generation algorithm)and the detection effect of the malicious domain names composed of random words is poor,a malicious domain name detection algorithm CWNet(charac-ter and word network)based on the fusion of character and word features was proposed.Parallel convolutional neural network was used to extract the features of characters and words of domain name respectively.The fusion features were constructed by splicing the features of characters and words.The detection result that whether a domain name belonged to legitimate or malicious domain name was obtained through the Softmax function.Experimental results show that the algorithm can improve the detection ability of malicious domain names,and the detection accuracy of more challenging malicious domain name families is improved more significantly.
关键词
恶意域名检测/域名生成算法/深度学习/卷积神经网络/特征融合/向量表示/损失函数Key words
malicious domain name detection/domain name generation algorithm/deep learning/convolutional neural network/feature fusion/vector representation/loss function引用本文复制引用
基金项目
国家自然科学基金(62166025)
甘肃省重点研发计划(21YF5GA073)
出版年
2024
NETL
NSTL
维普
万方数据