Small sample malicious domain names detection method based on transfer learning (基于迁移学习的小样本恶意域名检测)  Cited by: 6


Authors: 赵凡 (ZHAO Fan) [1], 赵宏 (ZHAO Hong) [2], 常兆斌 (CHANG Zhao-bin)

Affiliations: [1] Innovation Platform Center, Gansu Institute of Science and Technology Information, Lanzhou 730000, China; [2] School of Computer and Communication, Lanzhou University of Technology, Lanzhou 730050, China

Source: Computer Engineering and Design (《计算机工程与设计》), 2022, No. 12, pp. 3381-3387 (7 pages)

Funding: National Natural Science Foundation of China (51668043).

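Abstract: Variants of malicious domain names keep multiplying as detection methods increase, and existing models detect this kind of malicious domain name with low accuracy. To address this, a transfer-learning-based algorithm for detecting small-sample variant domain names is proposed. A combined model, BiLSTM-CNN, is built from a bi-directional long short-term memory (BiLSTM) network and a convolutional neural network (CNN) to extract the contextual features and local semantic features of domain names, and it is pre-trained on a multi-family malicious domain name dataset with sufficient data. The pre-trained parameters of the BiLSTM-CNN model are then transferred to the small-sample malicious domain name detection model, which detects newly emerging or newly mutated small-sample malicious domain names. In tests on several small-sample datasets and on the multi-family malicious domain name dataset with sufficient data, the proposed model achieves an average detection accuracy of 95.17% on the multi-family dataset with sufficient data and an average detection accuracy of 94.26% on the small-sample datasets. Compared with current classic detection models, the proposed model's overall detection performance is good.

English abstract: The number of variants of malicious domain names has increased with the number of detection methods, and the accuracy of existing models for detecting such malicious domain names is not high. Therefore, a transfer learning-based detection method for detecting new variants of few-shot domain names was proposed. The hybrid model BiLSTM-CNN was constructed to extract contextual features and local semantic features of domain names using bi-directional long short-term memory (BiLSTM) and convolutional neural networks (CNN), and the multi-family malicious domain name dataset with sufficient data was used for pre-training. The pre-trained parameters of the BiLSTM-CNN model were transferred to the few-shot detection model to detect newly emerging or new variants of malicious domain names. The results of experiments on open source small sample datasets and multi-family malicious domain name datasets with sufficient data show that the proposed algorithm can identify more variant types of few-shot malicious domain names than the current classic malicious domain name detection methods, while maintaining a high detection accuracy.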

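Keywords: malicious domain name detection; newly emerging domain names; multi-family malicious domain names; small sample; transfer learning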

Classification code: TP301 [Automation and Computer Technology: Computer Systems Architecture]

 
