
Research On Detection Technology Of Malicious Domain Name Based On Deep Learning

Posted on: 2022-07-13
Degree: Master
Type: Thesis
Country: China
Candidate: J Wu
GTID: 2518306482965709
Subject: Public Security Technology
Abstract/Summary:
In recent years, network attacks have grown explosively, seriously threatening the data and property security of Internet users. Botnets, ransomware and Advanced Persistent Threats (APT) are currently the most influential and destructive malicious cyber behaviors, and they usually use DNS services to communicate with command and control (C&C) servers for file transfer and software updates. To evade blacklist mechanisms and prolong the attack, attackers usually use a domain generation algorithm (DGA) to generate new domain names for their communication connections. As deep learning has been widely applied in different fields with great results, malicious domain detection has also shifted from traditional manual feature extraction to deep learning. Detection models based on deep learning, however, lack the ability to recognize newly emerged variant DGA domains and lack sufficient malicious domain names as training data. To address these problems, the main work of this thesis is as follows:

(1) A technique for generating malicious domain name training data based on an improved Char-RNN model is proposed. Based on an analysis of the characteristics of DGA malicious domain names, and drawing on the idea of text generation, the original Char-RNN model is improved and combined with an attention mechanism to form a text generation model that simulates DGA variant samples. Comparative experiments show that the simulated data generated in this thesis can be used to train detection models, which verifies its feasibility and effectiveness.

(2) A deep learning model for classifying and detecting malicious domain names (ATT-CNN-BiLSTM) is proposed. Because some current detection methods perform poorly on malicious domain names generated from word lists, this model uses convolutional neural networks (CNN) and bidirectional long short-term memory networks (BiLSTM) to extract the characteristics of malicious domain name sequences, and an attention layer is used to strengthen the extraction of random features. Experimental results show that, compared with traditional deep learning methods, this model achieves better results in classifying and detecting DGA malicious domain names, especially domain names generated from word lists.

(3) As an application of the detection technology, a malicious domain name detection system that can be used in network security situational awareness is designed. Within the overall security situational awareness system, and applying the training data generation technique and the malicious domain detection model proposed in this thesis, the overall framework, related functional modules and visual interfaces of malicious domain detection are designed, and the detection process and application scenarios of this module are briefly described.
Keywords/Search Tags:Deep learning, DGA, Domain detection, Botnet