Fast-flucos: malicious domain name detection method for Fast-flux based on DNS traffic (cited 11 times)


Authors: 韩春雨 (HAN Chunyu) [1]; 张永铮 (ZHANG Yongzheng) [2,3]; 张玉 (ZHANG Yu) [1]

Affiliations: [1] College of Computer Science, Nankai University, Tianjin 300071, China; [2] Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; [3] School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China

Published in: Journal on Communications (通信学报), 2020, No. 5, pp. 37-47 (11 pages)

Funding: National Natural Science Foundation of China (No. U1736218); Beijing Municipal Science and Technology Commission (No. Z191100007119005).

Abstract: Existing Fast-flux domain name detection methods have weaknesses in stability, targeting, and applicability to common real-world DNS traffic. To address this, a DNS-traffic-based detection method called Fast-flucos is proposed. First, traffic anomaly filtering and association matching algorithms are used to improve detection stability. Second, quantified geographical width, country vector table and time vector table features are introduced to target Fast-flux domains more precisely. Finally, more suitable positive and negative samples are used, and several machine learning methods including deep learning are tried, to determine the best classifier and the optimal feature combination, so that the method generalizes as far as possible to real DNS traffic. Experiments on real-world DNS traffic show that Fast-flucos achieves a recall of 0.9986, a precision of 0.9767 and a ROC_AUC of 0.9929, all better than current mainstream approaches such as EXPOSURE, GRADE and AAGD.
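The abstract names the feature families Fast-flucos relies on (geographical width, a country vector table, plus the usual TTL and IP-spread signals) but this record does not give their exact definitions or the classifier. The block below is an added illustration, not the paper's code: it extracts those kinds of features from constructed passive-DNS observations and applies a simple indicator count. The definitions used here (geographical width as the number of distinct countries, the country vector as distinct IPs per country, prefix spread at /16 granularity) and all thresholds are assumptions made for the example.

```python
"""
Fast-flux feature extraction over passive-DNS observations.

Added illustration: the feature definitions and thresholds below are
assumptions made for this example, not the ones used by Fast-flucos.
"""
from __future__ import annotations

import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed sample observations: (domain, A record, TTL seconds, country code).
# The country code stands in for an offline GeoIP lookup of the A record.
SAMPLE_RECORDS: List[Tuple[str, str, int, str]] = [
    # Fast-flux-like name: short TTLs, many IPs spread over unrelated networks and countries.
    ("flux.example", "203.0.113.5", 120, "US"),
    ("flux.example", "198.51.100.77", 120, "DE"),
    ("flux.example", "192.0.2.33", 60, "BR"),
    ("flux.example", "203.0.113.200", 120, "US"),
    ("flux.example", "198.51.100.9", 60, "DE"),
    ("flux.example", "192.0.2.101", 120, "RU"),
    # CDN-like benign name: a few IPs in one /16 and one country, long TTL.
    ("cdn.example", "192.0.2.10", 3600, "US"),
    ("cdn.example", "192.0.2.11", 3600, "US"),
    ("cdn.example", "192.0.2.12", 3600, "US"),
    # Plain single-host name.
    ("static.example", "198.51.100.1", 86400, "US"),
]


@dataclass
class FluxFeatures:
    domain: str
    unique_ips: int
    unique_prefixes: int            # distinct /16 networks among the A records
    unique_countries: int           # assumed "geographical width"
    country_vector: Dict[str, int]  # distinct IPs per country (assumed "country vector table")
    mean_ttl: float


def prefix16(ip: str) -> str:
    """Collapse an IPv4 address to its /16 network, e.g. 203.0.113.5 -> 203.0.0.0/16."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))


def extract_features(records: Iterable[Tuple[str, str, int, str]]) -> Dict[str, FluxFeatures]:
    """Group observations per domain and compute the per-domain feature vector."""
    by_domain: Dict[str, List[Tuple[str, int, str]]] = defaultdict(list)
    for domain, ip, ttl, cc in records:
        by_domain[domain].append((ip, ttl, cc))

    features: Dict[str, FluxFeatures] = {}
    for domain, obs in by_domain.items():
        country_of = {ip: cc for ip, _, cc in obs}  # one entry per distinct IP
        country_vector = Counter(country_of.values())
        features[domain] = FluxFeatures(
            domain=domain,
            unique_ips=len(country_of),
            unique_prefixes=len({prefix16(ip) for ip in country_of}),
            unique_countries=len(country_vector),
            country_vector=dict(country_vector),
            mean_ttl=sum(ttl for _, ttl, _ in obs) / len(obs),
        )
    return features


def flux_score(f: FluxFeatures) -> int:
    """Count how many Fast-flux indicators fire; thresholds are assumed, not the paper's."""
    score = 0
    if f.mean_ttl <= 300:        # short TTLs let the operator rotate front-end nodes quickly
        score += 1
    if f.unique_ips >= 5:        # many distinct A records behind one name
        score += 1
    if f.unique_prefixes >= 3:   # spread over unrelated networks, unlike a CDN's own ranges
        score += 1
    if f.unique_countries >= 2:  # wide geographical spread of (compromised) hosts
        score += 1
    return score


def is_fast_flux(f: FluxFeatures, threshold: int = 3) -> bool:
    return flux_score(f) >= threshold


if __name__ == "__main__":
    for name, feats in extract_features(SAMPLE_RECORDS).items():
        print(f"{name}: score={flux_score(feats)} flux={is_fast_flux(feats)} {feats}")
```

The indicator count stands in for the trained classifier only to keep the example self-contained; a large anycast CDN or a round-robin DNS load balancer can also show several IPs across countries, which is exactly the kind of false positive that motivates the abstract's anomaly filtering, sample selection and learned feature combination rather than fixed thresholds.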

Keywords: Fast-flux; domain name system; domain name detection; machine learning; deep learning

Classification: TP393 [Automation and computer technology: computer application technology]

 
