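Authors: 卫清才 (WEI Qing-cai); 宋礼鹏 (SONG Li-peng) [1,2] (School of Data Science and Technology, North University of China, Taiyuan 030051, China; Research Institute of Big Data and Network Security, North University of China, Taiyuan 030051, China)
Affiliations: [1] School of Data Science and Technology, North University of China, Taiyuan, Shanxi 030051; [2] Research Institute of Big Data and Network Security, North University of China, Taiyuan, Shanxi 030051
Source: Journal of North University of China (Natural Science Edition), 2021, No. 4, pp. 311-317 (7 pages)
Funding: National Natural Science Foundation of China (61772478).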
Abstract: Existing DGA domain name classification models focus only on detecting known DGA domain name families and perform poorly at recognizing new DGA domain name families. To solve this problem, this paper proposes ProfDGA, a DGA domain name detection model based on normal domain names and their credibility. The model evaluates the credibility of each normal domain name and introduces the score into the loss function, so that model training uses only normal domain names and their credibility. The model obtained by this method generalizes better and is more capable of detecting new DGA families. Experiments show that, although the ProfDGA model's detection precision on known DGA families is reduced by 9%, its detection precision on unknown DGA families is 30% higher than that of existing models and its recall is 54.2% higher, so it can effectively discover new DGA domain name families.
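Keywords: botnet; domain generation algorithm; positive sample credibility; deep learning; long short-term memory network
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]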