Monitoring Method of Domain Name Data Based on Machine Learning  (Cited by: 2)

Authors: Liu Mingxing[1], Jin Jian[1], Li Xiaodong[1]

Affiliation: [1] Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190

Source: Computer Engineering (《计算机工程》), 2014, No. 9, pp. 263-268 (6 pages)

Funding: National Natural Science Foundation of China (61005029); research project fund of the Internet Fundamental Technology Open Laboratory

Abstract: Tampering with Domain Name System (DNS) resource records by hackers seriously endangers DNS applications. Because such tampering is hard to notice, a fast and effective method for finding dangerous changes in DNS data is urgently needed. This paper proposes a method for monitoring DNS data based on machine learning. From a set of domain names, those whose resource records have changed are selected, and the information related to each is analyzed to produce a tuple, represented as a multi-dimensional attribute vector whose attributes include the literal characteristics of the domain name, the forward-inverse match degree, and so on. Each tuple is manually given a class label according to whether the change is dangerous, and each tuple together with its class label forms one instance of the training set. By analyzing the training set, two classification algorithms, decision tree and Support Vector Machine (SVM), build classifiers that detect whether changes in DNS data are dangerous. The two classifiers are validated with 10-fold cross-validation and show strong ability to identify dangerous changes in DNS data: their weighted average accuracies reach 73.8% and 82.4%, respectively.

Keywords: Domain Name System (DNS); security; machine learning; DNS monitoring; decision tree; Support Vector Machine (SVM)

Classification number: TP18 [Automation and Computer Technology: Control Theory and Control Engineering]

 
