DGA Malicious Domain Name Detection Based on Deep Learning
Attackers often use Domain Generation Algorithms (DGAs) to generate numerous random domain names for transmitting malicious software control commands. However, traditional DGA detection methods suffer from problems such as a large amount of calculation and low detection accuracy. Machine learning and deep learning methods can greatly alleviate these problems. First, features are extracted from both DGA and legitimate domains across three dimensions: fundamental characteristics, linguistic attributes, and statistical properties. Machine learning algorithms are then used to train models on these feature sets. Additionally, a Long Short-Term Memory (LSTM) network, with domain string embedding vectors as input, is used to extract deep features of domain names for domain name detection. By comparing the training results of the models through evaluation metrics such as precision, recall, F1 score, ROC curve, and AUC value, a better DGA domain name detection model is obtained.
Domain name generation algorithm; Machine learning; Deep learning; Domain name detection
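
As an added illustration (not code from the paper), the sketch below extracts one small feature vector per domain, grouped into the three dimensions the abstract names. The specific features, the choice to score only the label left of the TLD, and the sample domains are assumptions made for this example; the abstract does not list the paper's actual feature set.

```python
import math
from collections import Counter

VOWELS = set("aeiou")

def scored_label(domain):
    """Assumption: score only the label immediately left of the TLD."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(s):
    """Character-level Shannon entropy in bits; 0.0 for an empty string."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def longest_consonant_run(s):
    """Length of the longest run of consecutive consonant letters."""
    best = run = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def extract_features(domain):
    label = scored_label(domain)
    letters = [c for c in label if c.isalpha()]
    bigrams = [label[i:i + 2] for i in range(len(label) - 1)]
    return {
        # Fundamental characteristics (assumed examples)
        "length": len(label),
        "digit_ratio": sum(c.isdigit() for c in label) / (len(label) or 1),
        "num_labels": domain.rstrip(".").count(".") + 1,
        # Linguistic attributes (assumed examples)
        "vowel_ratio": sum(c in VOWELS for c in letters) / (len(letters) or 1),
        "max_consonant_run": longest_consonant_run(label),
        # Statistical properties (assumed examples)
        "entropy": shannon_entropy(label),
        "unique_bigram_ratio": len(set(bigrams)) / (len(bigrams) or 1),
    }

# Constructed sample domains: two well-known names and two random-looking strings.
SAMPLES = ["google.com", "wikipedia.org", "xjq7kz2vbnw9pl.net", "qwrtzplkmnbvcx.info"]

if __name__ == "__main__":
    for d in SAMPLES:
        print(d, extract_features(d))
```

The resulting dictionaries can be turned into rows of a feature matrix for any classical classifier; the LSTM path described in the abstract instead consumes the raw character sequence through an embedding layer.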