Telecommunications Science ›› 2014, Vol. 30 ›› Issue (7): 39-42. doi: 10.3969/j.issn.1000-0801.2014.07.007

• Special Topic: Network Information Security

Detection Method of Trojan's Control Domain Based on Improved Neural Network Algorithm

Aijiang Liu¹, Changhui Huang², Guangjun Hu²

  1. The Bureau of Science and Technology Information of Ministry of Public Security, Beijing 100741, China
  2. The First Research Institute of Ministry of Public Security, Beijing 100048, China
  • Online: 2014-07-20 Published: 2017-08-17

Abstract:

First, the way Trojans use domain names for call-back control is analyzed, and existing methods that use DNS to detect network Trojans are surveyed. Second, based on an analysis of the static and dynamic characteristics of Trojan domain names, eight indicators are extracted as the inputs of a BP neural network algorithm: how long the domain name has been in use, the periodicity of access to the domain name, the rate at which its IP address changes, changes in the country the IP address belongs to, whether the IP address is a private address, whether multiple IP addresses of the same domain name belong to different countries, the TTL value, and the search volume of the domain name. An improved BP neural network algorithm is proposed to address the problems of training efficiency and large average error when training on a large number of DNS domain names. Finally, the improved neural network algorithm is evaluated experimentally on samples. The results show that the improved algorithm has a detection rate comparable to that of the traditional algorithm, while its detection efficiency is greatly improved.

Key words: Trojan, domain name, neural network
