
Research On DGA Domain Name Detection Method Based On Deep Learning Model

Posted on: 2022-12-26
Degree: Master
Type: Thesis
Country: China
Candidate: Y N Han
GTID: 2518306755964759
Subject: Master of Engineering
Abstract/Summary:
With the increasing importance of the Internet in people's lives, there is a lot of interest in different areas of network security. A network attacker can evade detection, manipulate many victim hosts to implement remote control, and attack different types of networks. Such attacks rely on the domain generation algorithm (DGA) as an important method, so research on the principle of DGA domain name generation and on detection methods is very practical and important. This paper first summarises the features and methods of DGA domain name detection algorithms. It then focuses on algorithm improvement and optimization to address the problems of a lack of variant malicious samples, unstable training and poor detection performance. The main research contents of this dissertation are as follows:

(1) To address the lack of multiple types of variant datasets in malicious domain name detection, this paper studies a DGA malicious domain name sample generation method based on a Generative Adversarial Network (GAN). The network model structure is referenced from the Deep Convolutional Generative Adversarial Network (DCGAN) and is optimized and improved in combination with domain name features. The constructed generative adversarial attack model, LDGAN, solves the problem of the instability of traditional generative adversarial networks in training.

(2) To address the low accuracy and time consumption of current DGA domain name detection methods, a combined method based on information entropy and deep learning model detection is studied, which detects malicious domain names in two steps. First, the features of the strings in the domain name are analysed and extracted. By calculating the entropy values of different domain names, the entropy distribution of normal domain names and malicious domain names is analysed, and a suitable information entropy threshold is set for preliminary detection. Domain names that are not within the threshold interval are judged to be suspected DGA domain names and are passed as input to deep detection based on a Long Short-Term Memory (LSTM) network model, which judges whether each suspected domain name is a DGA domain name or not.

The experimental results show that the features of the samples generated by the algorithm in this paper are similar to those of real malicious domain name samples, verifying that the generation algorithm can effectively expand the data set of variant malicious domain name samples. Compared to other detection methods, the detection algorithm model is not only less time-consuming, but also performs better in terms of accuracy and false alarm rate for the detection of DGA malicious domain names. This method will provide theoretical and technical support for DGA domain name detection in the field of network security.
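The two-step detection described in item (2), sketched as an added example that is not code from the thesis: a character-entropy pre-filter passes domains inside a threshold interval and forwards the rest to a deeper classifier. The interval values, all function names, and the `deep_model` callback standing in for the LSTM stage are assumptions, and the sample domains are constructed.

```python
import math
from collections import Counter

# Assumed threshold interval in bits per character; the abstract gives no values.
ENTROPY_INTERVAL = (1.5, 3.2)

# Constructed sample input: three benign-looking names and one random-looking name.
SAMPLE_DOMAINS = ["google.com", "wikipedia.org", "stackoverflow.com",
                  "xjq7kd2mvz9wpb4rth.net"]

def label_entropy(label: str) -> float:
    """Shannon entropy (bits/char) of the character distribution in a label."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def registrable_label(domain: str) -> str:
    """Label directly left of the TLD (simplified: ignores suffixes like co.uk)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def triage(domains, interval=ENTROPY_INTERVAL, deep_model=None):
    """Step 1: entropy pre-filter. Step 2: deep model only for out-of-interval names.

    deep_model is a hypothetical callable (domain -> verdict string) in place of
    the LSTM; without it, out-of-interval domains are just labelled "suspect".
    """
    lo, hi = interval
    results = {}
    for domain in domains:
        h = label_entropy(registrable_label(domain))
        if lo <= h <= hi:
            results[domain] = ("pass", round(h, 3))
        else:
            verdict = deep_model(domain) if deep_model else "suspect"
            results[domain] = (verdict, round(h, 3))
    return results

if __name__ == "__main__":
    for name, (verdict, h) in triage(SAMPLE_DOMAINS).items():
        print(f"{name:28s} entropy={h:<6} {verdict}")
```

With the assumed interval, `stackoverflow.com` also falls outside it, which is the case the second stage exists for: the pre-filter only narrows the set the deeper model has to score.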
Keywords/Search Tags: DGA Domain Name Detection, Long Short-Term Memory Networks, Information Entropy, Generative Adversarial Networks, False Alarm Rates