首页|期刊导航|东南大学学报（自然科学版）|基于word-hashing的DGA僵尸网络深度检测模型

基于word-hashing的DGA僵尸网络深度检测模型

赵科军葛连升秦丰林洪晓光

东南大学学报（自然科学版）2017，Vol.47Issue(z1)：30-33,4.

东南大学学报（自然科学版）2017，Vol.47Issue(z1)：30-33,4.DOI:10.3969/j.issn.1001-0505.2017.S1.006

基于word-hashing的DGA僵尸网络深度检测模型

Deep model for DGA botnet detection based on word-hashing

赵科军 ¹葛连升 ²秦丰林 ¹洪晓光¹

作者信息

1. 山东大学信息化工作办公室,济南250100
2. 山东大学计算机科学与技术学院,济南250100
折叠

摘要

Abstract

To solve the problem of botnet concealment using domain generation algorithm(DGA) and feature extraction difficulty of traditional detection algorithms, a DGA domain name detection model without extracting specific features is proposed based on deep learning.First,all the domain name strings are extracted to bigram strings based on word-hashing and bag-of-words model maps the domain names to a high-dimensional vector space.Then,the domain names converted into high-di-mensional vectors are classified by a 5-layer depth neural network.Through the depth of the model structure,different levels of abstract hidden patterns and features are found from the training data, and these patterns and features mostly can not be discovered by traditional statistical methods.In the experiment,100 000 DGA domain names and 100 000 legal domain names are used as samples, compared with the natural language feature classification algorithm.The experimental results show that the accuracy rate of the DGA domain name is 97.23%,it is 3.7%higher than that of the natu-ral language feature classification algorithm.

关键词

DGA/僵尸网络/word-hashing/深度学习

Key words

domain generation algorithm(DGA)/botnet/word-hashing/deep learning

分类

信息技术与安全科学

引用本文复制引用

赵科军,葛连升,秦丰林,洪晓光..基于word-hashing的DGA僵尸网络深度检测模型[J].东南大学学报（自然科学版）,2017,47(z1):30-33,4.

基金项目

赛尔网络下一代互联网技术创新资助项目(NGII20150412). （NGII20150412）

东南大学学报（自然科学版）

OA北大核心CSCDCSTPCD

ISSN：1001-0505

访问量0

下载量0

段落导航