一种改进的卷积神经网络恶意域名检测算法

doi:10.19665/j.issn1001-2400.2020.01.006

Abstract

Abstract:

Aiming at the problem that the existing detection methods are not efficient in detecting the malicious domain name generated by the algorithm, especially the detection rate of several types of malicious domain names that are difficult to detect is low, an improved algorithm for detection of the malicious domain name based on the convolutional neural network is proposed. Based on the existing convolutional neural network model, this algorithm adds convolutional branches to extract deeper character-level features, so that both shallow and deep character-level features of malicious domain names could be extracted and fused simultaneously. A focal loss function is introduced as a loss function to solve the problem of sample imbalance caused by difficulty and quantity, which is used to improve the detection accuracy of hard-to-detect samples. The average detection accuracy of the improved algorithm for 20 types of malicious domain names is 97.62%, that is, 0.94% higher than that of the original algorithm, and the detection accuracy of four hard-to-detect domain names is increased by 3.71%, 4.6%, 11.18% and 17.8%, respectively. Experimental results show that the improved algorithm can effectively improve the detection accuracy of malicious domain names, especially for some hard-to-detect domain names.

Key words: convolutional neural network, domain generation algorithms, deep learning, information security

CLC Number:

TP309

YANG Luhui,LIU Guangjie,ZHAI Jiangtao,LIU Weiwei,BAI Huiwen,DAI Yuewei. Improved algorithm for detection of the malicious domain name based on the convolutional neural network[J].Journal of Xidian University, 2020, 47(1): 37-43.

Figures/Tables 6

References 16

[1]	杨宏宇, 那玉琢 . 一种Android恶意软件检测模型[J]. 西安电子科技大学学报, 2019,46(3):45-51.
	YANG Hongyu, NA Yuzhuo . Android Malware Detection Model[J]. Journal of Xidian University, 2019,46(3):45-51.
[2]	CHANTHAKOUMMANE Y, SAIYOD S, BENJAMAS N , et al. Improving Intrusion Detection on Snort Rules for Botnets Detection[C]//Lecture Notes in Electrical Engineering: 376. Heidelberg: Springer Verlag, 2016: 765-779.
[3]	YADAV S, REDDY A K K, REDDY A L N , et al. Detecting Algorithmically Generated Malicious Domain Names[C]// Proceedings of the ACM SIGCOMM Internet Measurement Conference. New York: ACM, 2010: 48-61.
[4]	YADAV S, REDDY A K K, NARASIMHA REDDY A L , et al. Detecting Algorithmically Generated Domain-flux Attacks with DNS Traffic Analysis[J]. IEEE/ACM Transactions on Networking, 2012,20(5):1663-1677.
[5]	SCHIAVONI S, MAGGI F, CAVALLARO L , et al. Tracking and Characterizing Botnets Using Automatically Generated Domains[J/OL]. Computer Science, 2013.[2019-8-22].
[6]	SCHIAVONI S, MAGGI F, CAVALLARO L , et al. Phoenix: DGA-based Botnet Tracking and Intelligence[C]//Lecture Notes in Computer Science: 8550. Heidelberg: Springer Verlag, 2014: 192-211.
[7]	BILGE L, SEN S, BALZAROTTI D , et al. EXPOSURE: A Passive DNS Analysis Service to Detect and Report Malicious Domains[J]. ACM Transactions on Information and System Security, 2014,16(4):14.
[8]	RAGHURAM J, MILLER D J, KESIDIS G . Unsupervised,Low Latency Anomaly Detection of Algorithmically Generated Domain Names by Generative Probabilistic Modeling[J]. Journal of Advanced Research, 2014,5(4):423-433.
[9]	YANG L H, ZHAI J T, LIU W W , et al. Detecting Word-based Algorithmically Generated Domains Using Semantic Analysis[J]. Symmetry, 2019,11(176):1-20.
[10]	WOODBRIDGE J, ANDERSON H S, AHUJA A , et al. Predicting Domain Generation Algorithms with Long Short-term Memory Networks[J]. Computer Science, 2016. [2019-8-22].
[11]	ANDERSON H S, WOODBRIDGE J, FILAR B . DeepDGA: Adversarially-tuned Domain Generation and Detection[C]//Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security. New York: ACM, 2016: 13-21.
[12]	赵科军, 葛连升, 秦丰林 , 等. 基于word-hashing的DGA僵尸网络深度检测模型[J]. 东南大学学报(自然科学版), 2017,47(S1):34-37.
	ZHAO Kejun, GE Liansheng, QIN Fenglin , et al. Deep Model for DGA Botnet Detection Based on Word-hashing[J]. Journal of Southeast University(Natural Science Edition), 2017,47(S1):34-37.
[13]	YU B, PAN J, HU J , et al. Character Level Based Detection of DGA Domain Names[C]//Proceedings of the 2018 International Joint Conference on Neural Networks. Piscataway: IEEE, 2018: 8489147.
[14]	BERMAN D S . DGA CapsNet: 1D Application of Capsule Networks to DGA Detection[J]. Information, 2019,10(5):157.
[15]	TRAN D, MAC H, TONG V , et al. A LSTM Based Framework for Handling Multiclass Imbalance in DGA Botnet Detection[J]. Neurocomputing, 2018,275:2401-2413.
[16]	LIN T Y, GOYAL P, GIRSHICK R , et al. Focal Loss for Dense Object Detection[C]//Proceedings of the 2017 IEEE International Conference on Computer Vision. Piscataway: IEEE, 2017: 2999-3007.

检测算法	平均准确率/%	召回率/%	曲线下面积	训练时间/s
长短期记忆网络	97.23	95.30	0.9969	720
Invincea-CNN	96.68	94.29	0.9964	20
Invincea-CNN + Focalloss	97.10	95.31	0.9968	20
改进的Invincea-CNN + Focalloss	97.62	96.77	0.9974	52

DGA类型	LSTM	Invincea-CNN	Invincea-CNN + Focalloss	改进的Invincea-CNN + Focalloss
Gameover	100.00	100.00	100.00	100.00
Murofet	99.61	99.79	100.00	100.00
Dircrypt	97.83	97.90	98.64	97.86
Tinba	98.53	99.42	99.38	98.80
Necurs	93.73	95.64	96.69	97.25
Ramdo	98.26	98.78	99.27	98.77
Ranbyus	99.61	99.60	99.80	99.61
Cryptolocker	99.80	99.20	99.03	99.78
Emotet	98.80	99.80	99.38	99.78
Corebot	99.80	100.00	99.81	99.80
Banjori	99.45	98.04	96.98	99.03
Qakbot	97.51	97.50	98.02	98.25
Rovnix	99.79	99.80	99.80	99.81
Kraken	96.60	95.43	97.62	99.60
Ramnit	96.45	97.08	97.09	98.65
Locky	92.70	95.49	95.22	97.04
Pykspa	92.14	92.52	93.76	96.23
Simda	94.39	90.84	94.96	95.44
Symmi	80.09	70.85	77.54	82.03
Virut	69.40	59.17	59.40	76.97

Improved algorithm for detection of the malicious domain name based on the convolutional neural network

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 16

Related Articles 15

Metrics

Comments

Recommended 10

[1]	LIU Jiawei,ZHANG Wenhui,KOU Xiaoli,LI Yanni. Harnessing adversarial examples via input denoising and hidden information restoring [J]. Journal of Xidian University, 2021, 48(6): 23-31.
[2]	YU Haoyang,YIN Liang,LI Shufang,LV Shun. Recognition algorithm for the little sample radar modulation signal based on the generative adversarial network [J]. Journal of Xidian University, 2021, 48(6): 96-104.
[3]	LI Peng,FENG Cunqian,XU Xuguang,TANG Zixiang. Ballistic target fretting classification network based on Bayesian optimization [J]. Journal of Xidian University, 2021, 48(5): 139-148.
[4]	SUN Yanjing,WEI Li,ZHANG Nianlong,YUN Xiao,DONG Kaiwen,GE Min,CHENG Xiaozhou,HOU Xiaofeng. Person re-identification method combining the DD-GAN and Global feature in a coal mine [J]. Journal of Xidian University, 2021, 48(5): 201-211.
[5]	YAN Jia,CAO Yudong,REN Jiaxing,CHEN Donghao,LI Xiaohui. Deep asymmetric compression Hashing algorithm [J]. Journal of Xidian University, 2021, 48(5): 212-221.
[6]	NING Yang,DU Jianchao,HAN Shuo,YANG Chuankai. Fire segmentation based on the improved DeeplabV3+ and the analytical method for fire development [J]. Journal of Xidian University, 2021, 48(5): 38-46.
[7]	ZHOU Peng,YANG Jun. Semantic segmentation of remote sensing images based on neural architecture search [J]. Journal of Xidian University, 2021, 48(5): 47-57.
[8]	QI Yanjun,KONG Yueping,WANG Jiajing,ZHU Xudong. Gait recognition method combining LSTM and CNN [J]. Journal of Xidian University, 2021, 48(5): 78-85.
[9]	YANG Yunhang,MIN Lianquan. Multi-scalefusion sketch recognition model by dilated convolution [J]. Journal of Xidian University, 2021, 48(5): 92-99.
[10]	CHEN Changchuan,WANG Haining,HUANG Lian,HUANG Tao,LI Lianjie,HUANG Xiangkang,DAI Shaosheng. Facial expression recognition based on local representation [J]. Journal of Xidian University, 2021, 48(5): 100-109.
[11]	SONG Jianfeng,MIAO Qiguang,WANG Chongxiao,XU Hao,YANG Jin. Multi-scale single object tracking based on the attention mechanism [J]. Journal of Xidian University, 2021, 48(5): 110-116.
[12]	ZHANG Yuhao,CHENG Peitao,ZHANG Shuhao,WANG Xiumei. Lightweight image super-resolution with the adaptive weight learning network [J]. Journal of Xidian University, 2021, 48(5): 15-22.
[13]	HUI Haisheng,ZHANG Xueying,WU Zelin,LI Fenglian. Method for stroke lesion segmentation using the primary-auxiliary path attention compensation network [J]. Journal of Xidian University, 2021, 48(4): 200-208.
[14]	SUN Haojie,LI Miaoyu,ZHANG Panpan,XU Pengfei. Self-supervised facial asymmetry learning for automatic evaluation of facial paralysis [J]. Journal of Xidian University, 2021, 48(3): 115-122.
[15]	WANG Ping,JIANG Yuze,ZHAO Guanghui. Object detection based on the multiscale location Enhancement network [J]. Journal of Xidian University, 2021, 48(3): 85-90.