2022, Issue 02

Domain Generation Algorithm Domain Detection Based on Deep Learning


Abstract:

To detect the fake (algorithmically generated) domain names used by malware, and thereby help identify botnets and malicious programs, a deep-learning-based fake domain detection model is proposed. The model takes the character sequence of the domain name string as input and uses a one-dimensional convolutional neural network and a self-attention mechanism to extract, respectively, the local and the global dependency information among the characters of the sequence; the two results are concatenated into a combined feature vector. A multilayer perceptron then yields the probability that the domain under test belongs to each domain class. Simulation results show that a fake domain detection model built from deep-learning components such as the one-dimensional convolutional neural network and self-attention can effectively detect the fake domains commonly used by malware.
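The abstract describes the data flow but not the layer sizes, so the following is an added illustration and not the authors' code: a pure-Python forward pass of the same architecture (character indices, embedding, 1D convolution with max-pooling for local features, single-head self-attention with mean-pooling for global features, concatenation, MLP, softmax). The character set, sequence length, layer widths and the two-class label set are assumptions; the weights are random and untrained, so the probabilities only demonstrate shapes and wiring, and the sample domains are constructed, not real DGA output.

```python
import math
import random

# Assumptions (not from the paper): character set, sequence length and layer widths.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-_"
PAD = 0                                      # index 0 is reserved for padding
CHAR_TO_IDX = {c: i + 1 for i, c in enumerate(ALPHABET)}
MAX_LEN, EMB, KERNEL, FILTERS, HIDDEN = 32, 8, 3, 6, 16
CLASSES = ["benign", "dga"]                  # the paper uses several domain classes; two here

_rng = random.Random(0)                      # deterministic, untrained weights


def _matrix(rows, cols, scale=0.3):
    return [[_rng.uniform(-scale, scale) for _ in range(cols)] for _ in range(rows)]


def _dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def _rowmul(row, w):
    """row (1 x n) @ w (n x m) -> list of length m."""
    return [sum(row[i] * w[i][j] for i in range(len(row))) for j in range(len(w[0]))]


def _softmax(xs):
    m = max(xs)
    e = [math.exp(x - m) for x in xs]        # exp(-inf) == 0.0 handles masked scores
    s = sum(e)
    return [x / s for x in e]


EMBED = _matrix(len(ALPHABET) + 1, EMB)      # character embedding table (row 0 = PAD)
CONV_W = _matrix(FILTERS, KERNEL * EMB)      # one row per filter over a KERNEL-wide window
CONV_B = [0.0] * FILTERS
WQ, WK, WV = _matrix(EMB, EMB), _matrix(EMB, EMB), _matrix(EMB, EMB)
MLP_W1 = _matrix(FILTERS + EMB, HIDDEN)      # input = concat(local, global) features
MLP_B1 = [0.0] * HIDDEN
MLP_W2 = _matrix(HIDDEN, len(CLASSES))
MLP_B2 = [0.0] * len(CLASSES)


def encode(domain):
    """Registrable label of `domain` -> fixed-length list of character indices.

    Takes the label left of the TLD (no public-suffix handling, so 'x.co.uk'
    yields 'co'); characters outside ALPHABET map to PAD.
    """
    labels = domain.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    if not label:
        raise ValueError("empty domain label")
    idx = [CHAR_TO_IDX.get(c, PAD) for c in label][:MAX_LEN]
    return idx + [PAD] * (MAX_LEN - len(idx))


def embed(idx):
    return [EMBED[i] for i in idx]           # MAX_LEN x EMB


def local_features(x):
    """1D convolution (ReLU) over KERNEL-wide character windows, max-pooled over time."""
    pooled = [0.0] * FILTERS
    for t in range(MAX_LEN - KERNEL + 1):
        window = [v for row in x[t:t + KERNEL] for v in row]
        for f in range(FILTERS):
            act = max(0.0, _dot(CONV_W[f], window) + CONV_B[f])
            pooled[f] = max(pooled[f], act)
    return pooled


def global_features(x, idx):
    """Single-head scaled dot-product self-attention over the whole sequence.

    Padded positions are masked out as keys and excluded from the mean-pool,
    so every character can attend to every real character of the label.
    """
    valid = [i != PAD for i in idx]
    q = [_rowmul(row, WQ) for row in x]
    k = [_rowmul(row, WK) for row in x]
    v = [_rowmul(row, WV) for row in x]
    scale = math.sqrt(EMB)
    ctx = []
    for i in range(MAX_LEN):
        scores = [_dot(q[i], k[j]) / scale if valid[j] else float("-inf")
                  for j in range(MAX_LEN)]
        attn = _softmax(scores)
        ctx.append([sum(attn[j] * v[j][d] for j in range(MAX_LEN)) for d in range(EMB)])
    n = sum(valid)
    return [sum(ctx[i][d] for i in range(MAX_LEN) if valid[i]) / n for d in range(EMB)]


def predict(domain):
    """Class probabilities for one domain: concat(local, global) -> MLP -> softmax."""
    idx = encode(domain)
    x = embed(idx)
    combined = local_features(x) + global_features(x, idx)   # combined feature vector
    h = [max(0.0, a + b) for a, b in zip(_rowmul(combined, MLP_W1), MLP_B1)]
    logits = [a + b for a, b in zip(_rowmul(h, MLP_W2), MLP_B2)]
    return dict(zip(CLASSES, _softmax(logits)))


if __name__ == "__main__":
    for d in ["google.com", "xkqwpdzvhl.net"]:   # constructed sample inputs
        print(d, predict(d))
```

In a real deployment the weights come from training on labelled benign and DGA domains; the masking of padded keys in the attention block and the choice of which label to feed (the registrable label rather than the full FQDN) are the two details most often got wrong when reimplementing this kind of model, because both change what the global-feature branch actually sees.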

Keywords: network security; domain detection model; convolutional neural network; self-attention mechanism

Foundation: State Grid Corporation of China 2019 headquarters science and technology project (5700-201958464A-0-0-00)

Authors: 刘子雁, 李宁, 张丞, 崔博, 王云霄, 孔汉章

DOI: 10.13349/j.cnki.jdxbn.20211217.001
