针对现有恶意域名检测算法对于家族恶意域名检测精度不高和实时性不强的问题,提出一种基于BiLSTM-DAE的恶意域名检测算法。通过利用双向长短时记忆神经网络(Bi-directional Long Short Term Memory,BiLSTM)提取域名字符组合的上下文序列特征,并结合深度自编码网络(Deep Auto-Encoder,DAE)逐层压缩感知提取类内有共性和类间有区分性的强字符构词特征并进行分类。实验结果表明,与当前主流恶意域名检测算法相比,该算法在保持检测开销较小的基础上,具有更高的检测精度。
MULTI-FAMILY MALICIOUS DOMAIN NAMES DETECTION ALGORITHM BASED ON BILSTM-DAE
Aimed at the problem of poor detection accuracy and real-time performance of existing malicious domain name detection algorithms for family malicious domain names,a BiLSTM-DAE based malicious domain name detection algorithm is proposed.A Bi-directional long short term memory(BiLSTM)network was used to extract the context sequence features of domain name character,and deep auto-encoder(DAE)was used to extract and classify word formation features of strong characters layer by layer which were similarities within classes and distinctions between classes.The experimental results show that compared with the current mainstream malicious domain name detection algorithm,the algorithm has higher detection accuracy while keeping the detection overhead smaller.
Malicious domain names detectionDeep auto-encoderBi-directional long short term memoryWord-formation features
万方数据
维普
