DGA Domain Name Detection Based On Deep Learning

Posted on:2021-05-17

Degree:Master

Type:Thesis

Country:China

Candidate:H X Li

Full Text:PDF

GTID:2438330611954091

Subject:Computer technology

Abstract/Summary:

PDF Full Text Request

In recent years,the development and rise of the new generation of mobile Internet technologies such as artificial intelligence and big data have made people's lives into an intelligent era.Mobile Internet technology not only brings convenience to our life,but also brings new challenges.Botnet and malware are important problems in the current network security.Most of them use Domain-Flux technology,whose main applied technology is a malicious domain generation algorithms(DGA: Domain Generation Algorithm).Attackers use DGA domains to connect and control infected machines to perform illegal actions,so the detection of DGA domains is particularly important.For the detection of DGA domains,this paper implements three different algorithms for different types of DGA domains.The first is the GBDT algorithm which is based on artificial feature extraction.This algorithm requires artificially performing feature engineering on domains data in advance,selecting features with high correlation,and then using the GBDT algorithm for identification and classification.Then is the DGA domains detection algorithm based on LSTM.This method does not need to manually extract features in advance,and can be modeled after simple serialized on the domains.Finally,the DGA domains detection algorithm based on BERT model,which combines with BERT(This model performs very well in the field of natural language processing),has a very good effect on wordlist based word-level DGA domains.After research,it is found that both the GBDT algorithm based on artificial features and the DGA detection algorithm based on LSTM are aimed at character-level DGA domains,but the wordlist based word-level DGA domains detection is not effective.The main contribution of this paper is that in order to solve this problem,the algorithm of DGA domains detection based on the Bert model is designed and implemented,which shows good detection effect in the experiment,and many detection indexes can reach good values,thus solving the problem of difficult detection and resolution of wordlist based DGA domains.

Keywords/Search Tags:

Botnet, DGAs, Domain Generation Algorithm, Malicious domains, BERT

PDF Full Text Request

Related items

1	Research On Malicious Domain Name Detection Method Based On Deep Learning And Similarity
2	Design And Implementation Of Malicious Domain Name Detection Model Based On Generative Adversarial Network
3	Research On Detection Technology Of Malicious Domain Name Based On Neural Network
4	Research On Malicious Domain Detection Under Hadoop Environment
5	Analysis And Detection Of Domain Name Generation Algorithm
6	HTTP-Based Botnet Detection Using Network Traffic Traces
7	Research And Implementation Of Malicious Domains' Detection Method Based On Adversarial Model
8	Research On Malicious Domain Name Detection Based On Domain Name Text Features
9	The Research And Implementation Of Incremental Parallel SVM In Malicious Domain Detection
10	Research On Malicious Domain Name Detection Method Based On Deep Learning