基于组合分类器的恶意域名检测技术

doi:10.11959/j.issn.1000-0801.2020150

Abstract

Abstract:

As a fundamental service on the internet,domain name system (DNS) can inevitably be abused by malicious activities.Based on the studies of Botnets and other malwares which made use of the domain generation algorithm (DGA),and researches on current major techniques of malicious domain detection,a malicious domain detection framework based on a classifier combination was proposed.The framework applied the support vector machine (SVM) as its main classifier and combined the naive Bayes classifier (NBC) supportively with some statistical characteristics.Experiment result demonstrates that the framework outperformes current techniques in the offline-training time and the capability of detecting unknow malicious domain families,which satisfies the requirement of internet service provider (ISP) to detect and analyze malicious domainson the internet.

Key words: malicious domain name, Botnet, machine learning, deep learning, classifier combination

CLC Number:

TP393

Jiantao SHENG,Maofei CHEN,Dongxin LIU,Laifu WANG,Guoshui SHI,Huamin JIN. Detection of malicious domain name based on a classifier combination[J]. Telecommunications Science, 2020, 36(5): 47-55.

Figures/Tables 16

References 8

[1]	安天安全研究与应急处理中心. 安天针对勒索蠕虫“魔窟”(WANNACRY) 的深度分析报告[R]. 2017.
	Antiy CERT. An in-depth analysis report on the blackmail worm WANNACRY[R]. 2017.
[2]	SkyEye 天眼实验室. APT OceanLotus 数字海洋的游猎[R]. 2015.
	SkyEye Laboratory. APT OceanLotus digital ocean safari[R]. 2015.
[3]	臧小东, 龚俭, 胡晓艳 . 基于AGD的恶意域名检测[J]. 通信学报, 2018,39(7): 15-25.
	ZANG X D , GONG J , HU X Y . Detecting malicious domain names based on AGD[J]. Journal on Communications, 2018,39(7): 15-25.
[4]	蒋鸿玲, 戴俊伟 . DGA恶意域名检测方法[J]. 北京信息科技大学学报(自然科学版), 2019,34(5): 45-50.
	JIANG H L , DAI J W . DGA malicious domain name detection method[J]. Journal of Beijing Information Science ＆ Technology University, 2019,34(5): 45-50.
[5]	王震 . 基于SVM的DGA域名检测方法研究[D]. 山东:济南大学, 2018.
	WANG Z . Research on DGA domain name detection method based on SVM[D]. Shandong:Jinan University, 2018.
[6]	王志宏, 杨震 . 人工智能技术的哲学及系统性思考[J]. 电信科学, 2018,34(4): 12-21.
	WANG Z H , YANG Z . Philosophy and systematic thinking of artificial intelligence technology[J]. Telecommunications Science, 2018,34(4): 12-21.
[7]	YU B , GRAY D L , PAN J ,et al. Inline DGA Detection with Deep Networks[C]// Proceedings of IEEE International Conference on Data Mining Workshops (ICDMW). Piscataway:IEEE Press, 2017: 683-692.
[8]	绿盟科技. 2019年BOTNET趋势报告[R]. 2020.
	NSFOCUS. BOTNET trends report 2019[R]. 2020.

Metrics

Recommended 0

No Suggested Reading articles found!

Alex Top5 000	Alex Top50 000	Alex Top100 000
‘CO’：3 488	‘CO’:31 963	‘CO’:63 208
‘.C’：3 484	‘.C’:31 802	‘.C’:62 016
‘OM’：3 232	‘OM’:29 387	‘OM’:57 576
‘E.’,：641	‘IN’:7 326	‘IN’:15 535
‘IN’：628	‘NE’:6 428	‘NE’:13 260
‘NE’:609	‘S.’:6 408	‘S.’:13 179
‘S.’:571	‘OR’:5 940	‘OR’:12 685
‘AN’:559	‘E.’:5 920	‘ER’:12 132
‘ER’:499	‘ER’:5 600	‘E.’:11 902
‘OR’:489	‘AN’:5 449	‘AN’:11 324

Alex Top5 000	Alex Top50 000	Alex Top100 000
‘.CO’:3280	‘.CO’:29 517	‘.CO’:57 807
‘COM’:3134	‘COM’:28 210	‘COM’:55 008
‘E.C’:440	‘S.C’:4 202	‘S.C’:8 561
‘S.C’:399	‘E.C’:3 683	‘E.C’:7 243
‘OM.’:284	‘NET’:3 010	‘NET’:6 103
‘NET’:280	‘.NE’:2 506	‘.NE’:5 048
‘A.C’:244	‘OM.’:2 474	‘OM.’:4 643
‘R.C’:239	‘T.C’:2 273	‘T.C’:4 555
‘T.C’:238	‘R.C’:2 076	‘A.C’:4 081
‘.NE’:226	‘A.C’:2 054	‘.OR’:4 068

DGA家族域名5万	DGA家族域名 10万
‘.C’:12 677	‘OR’:14 454
‘CO’:11 544	‘.C’:14 066’
‘IN’:10 134	IN’:12 280
‘CC’:9 154	‘.I’:11 926
‘OM’:9 090	‘RG’:1 0857:
‘.I’:9 052	‘RU’:10 708
‘OR’:6 509	‘BI’:10 527
‘NF’:6 395	‘NF’:10 520
‘RG’:6 265	‘FO’:10 078
‘FO’:6 257	‘CO’:9 875

DGA家族域名5万	DGA家族域名 10万
‘NET’:12 412	‘ORG:29 491
‘.NE’:12 388	‘.OR’:29 395
‘ORG’:12 029	‘NET’:23 212
‘.OR’:12 022	‘.NE’:23 158
‘NS.’:10 116	‘X.O’:20 133
‘DDN’:10 100	‘S.N’:20 117
‘DNS’:10 095	‘DNS’:20 062
‘WW.’,10 037	‘WWW’:20 054
‘X.O’:10 030	‘WW.’:20 047
‘KHC’:10 024	‘NS.’:20 039

数据集编号	正负样本比例	训练集规模	测试集规模
1	1:1	10 000	2 000
2	1:1	20 000	4 000
3	1:1	40 000	8 000
4	1:1	60 000	12 000
5	1:1	100 000	20 000

Detection of malicious domain name based on a classifier combination

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 16

References 8

Related Articles 15

Metrics

Recommended 0

类别	环境设置
操作系统	Ubuntu18.0.4 LTS
开发语言	Python3.6
开发工具	PyCharm 企业版v2019.1
机器学习库	Sklearn,TensorFlow
CPU	Intel Core i7-6700HQ @2.60 GHz
内存	16 GB
硬盘	1 TB

	预测为正例	预测为负例
真实类别为正例	真正(TP)	假负（FN）
真实类别为负例	假正(FP)	真负（TN）

[1]	Zehua GUO, Haowen ZHU, Tongwen XU. Network modal innovation for distributed machine learning [J]. Telecommunications Science, 2023, 39(6): 44-51.
[2]	Min LU, Juan HU, Xianchao ZHANG, Weijian DING, Guangxue YUE. Personalized recommendation model based on users multi-features fusion [J]. Telecommunications Science, 2023, 39(5): 101-115.
[3]	Yaqiong LIU, Zhe LYU, Yafei ZHAO, Guochu SHOU. A survey on AI techniques applied in the satellite communication/satellite Internet field [J]. Telecommunications Science, 2023, 39(2): 10-24.
[4]	Bin ZHUGE, Zhenghu YIN, Wenxue SI, Lei YAN, Ligang DONG, Xian JIANG. Student knowledge tracking based multi-indicator exercise recommendation algorithm [J]. Telecommunications Science, 2022, 38(9): 129-143.
[5]	Jianwu ZHANG, Yanjun AN, Huangyan DENG. A survey on DNS attack detection and security protection [J]. Telecommunications Science, 2022, 38(9): 1-17.
[6]	Jie ZHOU, Bernardo Esono Esono Mikue, Xueying WANG, Huiting ZHOU, Hong LUO. PAPR optimization based on SLM and PTS algorithms in NC-OFDM systems [J]. Telecommunications Science, 2022, 38(7): 63-74.
[7]	Panpan LI, Zhengxia XIE, Guangxue YUE, Xin LIU. Research progress and trends of deep learning based wireless communication receiving method [J]. Telecommunications Science, 2022, 38(2): 1-17.
[8]	Qing SHEN, Wenbin GUO, Jungang LOU, Qiangguo YU. Personalized recommendation model with multi-level latent features [J]. Telecommunications Science, 2022, 38(2): 71-83.
[9]	Zhichao ZHOU, Yi FENG, Xiaohan XIA, Yuyao FENG, Chao CAI, Jiahui QIU, Lihui YANG, Yunxiao WU. Outdoor location scheme with fingerprinting based on machine learning of mobile cellular network [J]. Telecommunications Science, 2021, 37(8): 85-95.
[10]	Zhihong CHEN, Mingxiao WANG. Application of computer vision in intelligent security [J]. Telecommunications Science, 2021, 37(8): 142-147.
[11]	Boheng TANG, Xingang CHAI. Cloud-edge collaboration based computer vision inference mechanism [J]. Telecommunications Science, 2021, 37(5): 72-81.
[12]	Shujun SUN, Shengliang PENG, Yudong YAO, Xi YANG. A survey of deep learning based modulation recognition [J]. Telecommunications Science, 2021, 37(5): 82-90.
[13]	Shuang PENG, Xiaodong WANG, Zongju PENG, Fen CHEN. Fast QTMT partition decision based on deep learning [J]. Telecommunications Science, 2021, 37(4): 73-81.
[14]	Daoyun HU, Jin QI, Qianchun LU, Feng LI, Hongqiang FANG. Research and application of traffic engineering algorithm based on deep learning [J]. Telecommunications Science, 2021, 37(2): 107-114.
[15]	Jie ZHANG, Lihua YANG, Zenghao WANG, Bo HU, Qian NIE. A novel deep learning based time-varying channel prediction method [J]. Telecommunications Science, 2021, 37(1): 39-47.