{"title":"Automatic Algorithmically Generated Domain Detection with Deep Learning Methods","authors":"Yihang Zhang","doi":"10.1109/AUTEEE50969.2020.9315559","journal":{"name":"2020 IEEE 3rd International Conference on Automation, Electronics and Electrical Engineering (AUTEEE)","volume":"12 1","pages":"463-469"},"publicationDate":"2020-11-20","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"3","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/AUTEEE50969.2020.9315559"}
Automatic Algorithmically Generated Domain Detection with Deep Learning Methods
Domain-Flux is the main way for malware or botnets to bypass most detection systems that rely on static methods, such as blacklists. The key point of Domain-Flux is the Domain Generation Algorithm (DGA), which can generate thousands of domain names in a short time. Therefore, effective detection of DGA domain names plays an important role in cybersecurity defense. Traditional detection methods mainly depend on the reverse engineering of malware samples, which is tedious and inflexible. In this paper, we apply artificial intelligence methods in this field and detect DGA domains automatically. Specifically, we first discover the pseudo-randomness of DGA domain name strings through data analysis. Then, we build several DGA classifiers based on different machine learning and deep learning methods. Apart from separating DGA domains from benign ones, classifiers with deep learning models can also support multi-classification and identify DGA families. Finally, the experimental results on a well-known public dataset show that the classifier with the CNN model is superior to the others in terms of accuracy, efficiency and robustness.