基于可分离卷积的轻量级恶意域名检测模型

doi:10.11959/j.issn.2096-109x.2020084

Abstract

Abstract:

The application of artificial intelligence in the detection of malicious domain names needs to consider both accuracy and calculation speed,which can make it closer to the actual application.Based on the above considerations,a lightweight malicious domain name detection model based on separable convolution was proposed.The model uses a separable convolution structure.It first applies depthwise convolution on every input channel,and then performs pointwise convolution on all output channels.This can effectively reduce the parameters of convolution process without impacting the effectiveness of convolution feature extraction,and realize faster convolution process while keeping high accuracy.To improve the detection accuracy considering the imbalance of the number and difficulty of positive and negative samples,a focal loss function was introduced in the training process of the model.The proposed algorithm was compared with three typical deep-learning-based detection models on a public data set.Experimental results denote that the proposed algorithm achieves detection accuracy close to the state-of-the-art model,and can significantly improve model inference speed on CPU.

Key words: separable convolution, domain generation algorithm, deep learning, cyber security

CLC Number:

TP309

Luhui YANG,Huiwen BAI,Guangjie LIU,Yuewei DAI. Lightweight malicious domain name detection model based on separable convolution[J]. Chinese Journal of Network and Information Security, 2020, 6(6): 112-120.

Figures/Tables 10

References 16

[1]	YADAV S , REDDY A K K , REDDY A L N ,et al. Detecting algorithmically generated malicious domain names[C]// Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement 2010. 2010: 48-61.
[2]	YADAV S , REDDY A K K , REDDY A L N ,et al. Detecting algorithmically generated domain-flux attacks with DNS traffic analysis[J]. IEEE/ACM Transactions on Networking, 2012,20(5): 1663-1677.
[3]	BILGE L , SEN S , BALZAROTTI D ,et al. EXPOSURE:a passive DNS analysis service to detect and report malicious domains[J]. ACM Transactions on Information and System Security (TISSEC), 2014,16(4): 1-28.
[4]	YANG L , ZHAI J , LIU W ,et al. Detecting word-based algorithmically generated domains using semantic analysis[J]. Symmetry, 2019,11(2):176.
[5]	SCHIAVONI S , MAGGI F , CAVALLARO L ,et al. Tracking and characterizing botnets using automatically generated domains[J]. Computer Science, 2013(2): 217-248.
[6]	SCHIAVONI S , MAGGI F , CAVALLARO L ,et al. Phoenix:DGA-based botnet tracking and intelligence[C]// International Conference on Detection of Intrusions and Malware,and Vulnerability Assessment. 2014: 192-211.
[7]	WOODBRIDGE J , ANDERSON H S , AHUJA A ,et al. Predicting domain generation algorithms with long short-term memory networks[J]. arXiv preprint arXiv:1611.00791, 2016
[8]	YU B , GRAY D L , PAN J ,et al. Inline DGA detection with deep networks[C]// 2017 IEEE International Conference on Data Mining Workshops (ICDMW). 2017.
[9]	YU B , PAN J , HU J ,et al. Character level based detection of DGA domain names[C]// 2018 International Joint Conference on Neural Networks (IJCNN). 2018: 1-8.
[10]	TRAN D , MAC H , TONG V ,et al. A LSTM based framework for handling multiclass imbalance in DGA botnet detection[J]. Neurocomputing, 2018,275: 2401-2413.
[11]	QIAO Y , ZHANG B , ZHANG W ,et al. DGA domain name classification method based on long short term memory with attention mechanism[J]. Applied Sciences, 20199:4205.
[12]	LECUN Y , BOSER B , DENKER J S ,et al. Backpropagation applied to handwritten zip code recognition[J]. Neural Computation, 1989,1(4): 541-551.
[13]	KIM Y . Convolutional neural networks for sentence classification[J]. arXiv preprint arXiv:1408.5882, 2014
[14]	ZHANG X , ZHAO J , LECUN Y . Character-level convolutional networks for text classification[C]// Advances in Neural Information Processing Systems. 2015: 649-657.
[15]	HOWARD A G , ZHU M , CHEN B ,et al. Mobilenets:efficient convolutional neural networks for mobile vision applications[J]. arXiv:1704.04861, 2017
[16]	LIN T Y , GOYAL P , GIRSHICK R ,et al. Focal loss for dense object detection[J]. IEEE Transactions on Pattern Analysis ＆ Machine Intelligence, 2017,(99): 2999-3007.

Metrics

Recommended 0

No Suggested Reading articles found!

层类型	输入大小	输出大小	参数设置
输入层（Imput）	1×128	128×128
量化层（Embedding）	128×128	128×128
一维可分离卷积层（SeparableConv1D）	128×128	128×128	Kernel_size=5，Stride=1
随机失活层（Dropout）	128×128	128×128	Dropout_rate=0.5
展开层（Flatten）	128×128	1×16384
全连接层（Dense）	1×16384	1×128
随机失活层（Dropout）	1×128	1×128	Dropout_rate=0.5
全连接层（Dense）	1×128	1×1
激活层（Activation）	1×1	1×1	Activation= ‘sigmoid’

样本标签	样本描述	数量/个
合法域名	样本来自思科收集的DNS请求白名单	400 000
恶意域名	20种恶意软件生成的DGA样本，具体类型如下：Gameover、Murofet、Dircrypt、Tinba、Necurs、Ramdo、Ranbyus、Cryptolocker、Emotet、Corebot、Banjori、Qakbot、Rovnix、Kraken、Ramnit、Locky、Pykspa、Simda、Symmi、Virut	100 000

算法	召回率	平均准确率	AUC	CPU推理时间/ms
文献[8]算法	94.06%	96.61%	0.9968	1.05
文献[7]算法	95.36%	96.97%	0.9960	2.07
文献[10]算法	96.26%	97.51%	0.9971	2.09
本文算法	96.75%	97.46%	0.9971	0.60

Lightweight malicious domain name detection model based on separable convolution

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 16

Related Articles 15

Metrics

Recommended 0

[1]	Xiaomeng LI, Daidou GUO, Xunfang ZHUO, Heng YAO, Chuan QIN. Carrier-independent screen-shooting resistant watermarking based on information overlay superimposition [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 135-149.
[2]	Rongna XIE, Zhuhong MA, Zongyu LI, Ye TIAN. Encrypted traffic classification method based on convolutional neural network [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 84-91.
[3]	Dengyong ZHANG, Huang WEN, Feng LI, Peng CAO, Lingyun XIANG, Gaobo YANG, Xiangling DING. Image inpainting forensics method based on dual branch network [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 110-122.
[4]	Jiaying LIN, Wenbo ZHOU, Weiming ZHANG, Nenghai YU. Lip forgery detection via spatial-frequency domain combination [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 146-155.
[5]	Jinyin CHEN, Changan WU, Haibin ZHENG. Novel defense based on softmax activation transformation [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 48-63.
[6]	Baolin QIU, Ping YI. Adversarial examples defense method based on multi-dimensional feature maps knowledge distillation [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 88-99.
[7]	Lijuan LI, Man LI, Hongjun BI, Huachun ZHOU. Multi-type low-rate DDoS attack detection method based on hybrid deep learning [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 73-85.
[8]	Zhongyuan QIN, Zhaoxiang HE, Tao LI, Liquan CHEN. Adversarial example defense algorithm for MNIST based on image reconstruction [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 86-94.
[9]	Deqing ZOU, Xiang LI, Minhuan HUANG, Xiang SONG, Hao LI, Weiming LI. Intelligent vulnerability detection system based on graph structured source code slice [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 113-122.
[10]	Shuo WANG, Jun BAI, Bailing WANG, Xu ZHANG, Hongri LIU. Accelerated traffic replay method based on time compression [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 178-188.
[11]	Hao ZHAO, Hui SHU, Fei KANG, Ying XING. High resistance botnet based on smart contract [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 30-41.
[12]	Zhenglong WANG, Baowen ZHANG. Survey of generative adversarial network [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 68-85.
[13]	Binglong LI, Jinlong TONG, Yu ZHANG, Yifeng SUN, Qingxian WANG, Chaowen CHANG. Auto forensic detecting algorithms of malicious code fragment based on TensorFlow [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 154-163.
[14]	Qingyin TAN, Yingming ZENG, Ye HAN, Yijing LIU, Zheli LIU. Survey on backdoor attacks targeted on neural network [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 46-58.
[15]	Ximeng LIU,Lehui XIE,Yaopeng WANG,Xuru LI. Adversarial attacks and defenses in deep learning [J]. Chinese Journal of Network and Information Security, 2020, 6(5): 36-53.