基于支持向量机的DGA域检测

2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC) Pub Date : 2018-10-01 DOI:10.1109/SSIC.2018.8556788

Yu Chen, Sheng Yan, Tianyu Pang, Rui Chen

{"title":"基于支持向量机的DGA域检测","authors":"Yu Chen, Sheng Yan, Tianyu Pang, Rui Chen","doi":"10.1109/SSIC.2018.8556788","DOIUrl":null,"url":null,"abstract":"Domain Generation Algorithm (DGA) technique has been widely used by botnets as a covert command and control (C &C) channel of issuing control or attack commands through various DGA domains. This method can evade blacklisting detection and bring new challenges to the current detection method. This paper extracts feature set which is helpful to differentiate between malicious DGA domains and benign domains, and uses the Support Vector Machine (SVM) algorithm to train the detection model. Experimental results demonstrate that the detection method proposed in this paper is powerful with a high true positive rate 95% and a low false positive rate 1%.","PeriodicalId":302563,"journal":{"name":"2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Detection of DGA Domains Based on Support Vector Machine\",\"authors\":\"Yu Chen, Sheng Yan, Tianyu Pang, Rui Chen\",\"doi\":\"10.1109/SSIC.2018.8556788\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Domain Generation Algorithm (DGA) technique has been widely used by botnets as a covert command and control (C &C) channel of issuing control or attack commands through various DGA domains. This method can evade blacklisting detection and bring new challenges to the current detection method. This paper extracts feature set which is helpful to differentiate between malicious DGA domains and benign domains, and uses the Support Vector Machine (SVM) algorithm to train the detection model. Experimental results demonstrate that the detection method proposed in this paper is powerful with a high true positive rate 95% and a low false positive rate 1%.\",\"PeriodicalId\":302563,\"journal\":{\"name\":\"2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC)\",\"volume\":\"33 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SSIC.2018.8556788\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSIC.2018.8556788","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

域生成算法(DGA)技术作为一种隐蔽的命令与控制(c&c)通道，被僵尸网络广泛应用于通过各种DGA域发出控制或攻击命令。该方法可以规避黑名单检测，对现有检测方法提出了新的挑战。本文提取了有助于区分恶意DGA域和良性DGA域的特征集，并使用支持向量机(SVM)算法训练检测模型。实验结果表明，本文提出的检测方法具有较高的真阳性率(95%)和较低的假阳性率(1%)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Detection of DGA Domains Based on Support Vector Machine

Domain Generation Algorithm (DGA) technique has been widely used by botnets as a covert command and control (C &C) channel of issuing control or attack commands through various DGA domains. This method can evade blacklisting detection and bring new challenges to the current detection method. This paper extracts feature set which is helpful to differentiate between malicious DGA domains and benign domains, and uses the Support Vector Machine (SVM) algorithm to train the detection model. Experimental results demonstrate that the detection method proposed in this paper is powerful with a high true positive rate 95% and a low false positive rate 1%.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC)

自引率

0.00%

发文量