Research And Application Of Malicious Domain Name Detection Technology Based On Deep Learning

In recent years,with the continuous expansion of Internet services,maintaining network security has become a focus of widespread concern.Malicious domain name detection is an important direction in network security.In particular,the development of deep learning has also deepened the improvement and improvement of domain name detection technology.At present,cyber attacks carried out with malicious domain names are mainly implemented by algorithm-generated domain names(DGA).Therefore,research on DGA domain names has become the main direction of malicious domain name research.Although the DGA domain name detection technology based on deep learning is very expressive,recent research shows that this deep learning method is vulnerable to adversarial samples.In view of this,the work of this paper is centered on the study of DGA domain name adversarial samples,focusing on the generation principle of DGA adversarial samples,and focusing on solving the problems caused by adversarial attacks.This thesis will study from the following three aspects.(1)A method of generating adversarial samples based on geometric vectors is proposed.This method analyzes the principle of adversarial sample generation and proves its rationality from the perspective of mathematical geometry.Based on this technology principle,a DGA domain name adversarial sample generation algorithm is proposed.The algorithm uses the method of geometric vectors to generate adversarial disturbances,and then adds them to DGA malicious domain name data to generate adversarial samples.In order to prove the effectiveness of the algorithm,the DGA domain name classifier is used to detect it.The experimental results show that the DGA domain name classifier cannot resist such attacks against adversarial samples.(2)In order to solve the DGA domain name adversarial sample attack proposed in(1),a DGA domain name adversarial sample defense algorithm is proposed.This algorithm starts from the countermeasure against the disturbance of domain name characters,and designs a correction network in front of the DGA domain name classifier to correct the domain name after the disturbance.Compared with the existing adversarial defense algorithms,this algorithm does not need to increase the detection rate of the adversarial sample at the expense of the original sample detection rate;it does not need to know the adversarial sample data in advance to enhance the training to achieve the detection of the adversarial sample.It guarantees a high detection rate of the original samples while detecting unknown adversarial samples.(3)For the application of malicious domain name detection technology,a malicious domain name detection module suitable for the network security posture platform is designed and implemented.Based on the architecture of the network security posture platform,the overall framework and functional modules supporting the malicious domain name detection module were designed,and the anti-defense algorithm proposed in this paper was applied.Finally,the integrated technology of the module and its application in the network security posture the application is briefly described.