
Research On DGA Domain Name Generation And Detection Based On The Theory Of Adversarial Attack

Posted on: 2021-03-23
Degree: Master
Type: Thesis
Country: China
Candidate: L Huang
GTID: 2518306464980619
Subject: Computer Science and Technology

Abstract/Summary:
People's demand for the Internet in their daily lives is increasing, and the issue of network security is getting more and more attention. The large-scale network attacks of recent years have used botnets to pose major security threats to ordinary computers. A botnet is an attack platform formed by an attacker using a command and control channel to manipulate a group of victim hosts for malicious purposes. Through this platform, attackers can launch a variety of common attacks. The domain name generation algorithm (DGA) is an important part of helping attackers achieve remote control and evade detection, and it is a key technology for botnets to survive. The existence of a large number of DGA domain names has caused great trouble for the security personnel responsible for cracking down on botnets. Therefore, research on the generation principle and detection methods of DGA domain names is of great significance.

This paper analyzes DGA domain name detection technology based on deep learning. Aiming at the problems of the lack of variant datasets and the low detection rate for unknown types of DGA domain names, and combining adversarial attack theory, it proposes a DGA domain name adversarial example generation technology based on the generative adversarial network (GAN), and a DGA domain name detection technology based on adversarial example optimization. Experimental results show that the proposed method can effectively expand the variant DGA sample data and improve the detection rate of unknown types of DGA domain names.

The innovations and main work of this paper are as follows:

(1) Aiming at the problem that the GAN model based on adversarial attacks cannot directly receive text data, a domain name text processing method based on ASCII code conversion is proposed, which enables the model to receive domain name data normally and preserves the original characteristics of the data to a certain extent.

(2) Aiming at the problem that machine learning and deep learning detection methods lack variant DGA domain name training data, this paper designs a domain name generative adversarial network model (DnGAN) that learns from real benign and malicious domain names to generate adversarial examples. The validity of the DGA domain name adversarial examples generated by the model is verified by comparing classifier performance parameters.

(3) Aiming at the problem of low detection rate and high false positive rate when deep learning detection methods face unknown types of DGA domain names, this paper uses adversarial examples to optimize and expand the existing dataset, and carries out comparative separation-detection experiments on multiple types of unknown DGA families with the LSTM detection model. The results show that the method can effectively improve the model's ability to detect unknown DGA families, and the average detection rate in the experiments is improved by 2.5%.

The DGA domain name generation technology and detection technology proposed in this paper can, to a certain extent, solve some problems of DGA detection methods based on deep learning models, and have reference value for further research in this field.
Keywords/Search Tags: Botnet, DGA Domain Name Detection, Adversarial Examples, GAN Model, LSTM Algorithm