Research And Implementation Of Malicious Domains' Detection Method Based On Adversarial Model

Posted on: 2019-02-12
Degree: Master
Type: Thesis
Country: China
Candidate: C Yuan
Full Text: PDF
GTID: 2428330545979111
Subject: Control Science and Engineering

Abstract/Summary:
With the arrival of new Internet-based technologies such as big data, cloud computing and artificial intelligence, people's lives are becoming more intelligent, for example through smart travel and unpaid, unmanned banks. While the Internet brings convenience to people, it also faces huge security threats, such as theft of users' information, leakage of bank data and spam. This is mainly because cybercriminals use botnets to launch malicious attacks on target hosts. Most botnets now employ Domain-Flux and integrate Domain Generation Algorithms (DGAs) to evade detection by defense systems. The mainstream detection algorithms, based on manually defined rules and traditional machine learning, have limitations because DGAs generate domain characters promptly and rapidly. The former are somewhat blind to new DGA variants. The latter have a strong hysteresis and suffer from a lack of evolving training data. Based on an analysis of the botnets' mechanism and the characteristics of DGA malicious domains, this paper proposes a solution to predict and generate DGA variants. The solution defines a domain encoder and decoder based on ASCII encoding and combines them with a Generative Adversarial Network (GAN) to devise a Character-level Domain Generation Model. The purpose is to learn the inherent characteristics of DGA domain names through the GAN's adversarial learning algorithm and to use the GAN's generative network to generate similar DGA malicious domains. A comparison and analysis of the twice classifier's parameters shows that the DGA variant samples generated by the GAN-based Character-level Domain Generation Model can serve as real DGA samples for training the classifier, which verifies the validity of the generated data and realizes the detection and prediction of malicious DGA domains. In addition, this paper proposes a sequence generation model based on LSTM, which combines one-hot encoding with character n-grams. Finally, a feasibility evaluation of the model is given.
Keywords/Search Tags: DGA, GAN, Botnet, Prediction, LSTM