| 褚冰融,付海艳*
,刘 梦.基于改进的CNN-LSTM的DGA域名检测算法[J].海南师范大学学报自科版,2023,36(3):237-248 |
| 基于改进的CNN-LSTM的DGA域名检测算法 |
| A DGA Domain Name Detection Algorithm Based on the Improved CNN-LSTM |
| |
| DOI:10.12051/j.issn.1674-4942.2023.03.001 |
| 中文关键词: DGA域名 深度学习 恶意域名检测 域名检测算法 注意力机制 |
| 英文关键词: DGA domain name deep learning malicious domain name detection domain name detection algorithm attention mechanism |
| 基金项目:国家自然科学基金项目(62262019);海南省自然科学基金项目(622RC675,2019CXTD405) |
|
| 摘要点击次数: 655 |
| 全文下载次数: 475 |
| 中文摘要: |
| 近年来,网络安全问题层出不穷,其中僵尸网络是造成网络瘫痪的重要原因之一。僵
尸网络利用域名生成算法(DGA)生成大量恶意域名进行网络攻击,对网络安全造成威胁。现有的
DGA域名主要分为字典型和字符型,传统的深度学习方法无法同时检测出两种类型的DGA域名,
尤其是无法检测出基于字典的DGA域名。针对这个问题,本文提出了改进的CNN-LSTM的DGA
域名检测算法,该算法融合了卷积神经网络(CNN)、注意力机制和双向长短时记忆网络(BiLSTM),
可以同时检测出两种类型的DGA域名。最后进行了不同算法的对比实验,实验结果表明,与其他
深度学习模型相比,该算法提高了DGA域名的二分类和多分类的准确率和F1值。在多分类实验
中,通过改进损失函数,提高了小样本数据的域名检测率。 |
| 英文摘要: |
| Network security problems have emerged one after another recenetly. The botnet is one of the important reasons
for network paralysis. Botnets use the domain name generation algorithm (DGA) to generate a large number of malicious do⁃
main names for network attacks, which poses a threat to network security. The existing DGA domain names are mainly
divided into dictionary-based and character-based domain names, the traditional detection method is not available for the
DGA domain name detection,especially for the dictionary-based DGA domain name detection. An improved CNN-LSTM
algorithm was proposed for the DGA domain name detection to detect both character-based and dictionary-based DGA do⁃
main names in the work. The algorithm incorporated a convolutional neural network (CNN), the attention mechanism, and a
bidirectional long-short-term memory network (BiLSTM). Finally,a comparative experiment of different algorithms is car⁃
ried out.The experimental results show that,compared with other deep learning algorithms,this algorithm improves tthe accu⁃
racy and F1 value of the binary classification and multi-classification of DGA domain names.In the multi-classification ex⁃
periment,the detection rate of domain names with small sample data is improved by improving the loss function. |
|
查看全文
查看/发表评论 下载PDF阅读器 |
| 关闭 |
