域名生成算法检测技术综述  

作　　者：汪绪先 黄缙华 翟优 李础南 王宇[3] 张宇鹏 张翼鹏 杨立群 李舟军[3] WANG Xuxian;HUANG Jinhua;ZHAI You;LI Chu’nan;WANG Yu;ZHANG Yupeng;ZHANG Yipeng;YANG Liqun;LI Zhoujun(Key Laboratory of Power Grid Automation Laboratory,China Southern Power Grid,Guangzhou 510080,China;Electric Power Research Institute,Guangdong Power Grid Co.,Ltd.,Guangzhou 510080,China;School of Computer Science and Engineering,Beihang University,Beijing 100191,China;School of Cyber Science and Technology,Beihang University,Beijing 100191,China;School of Information Science and Technology,North China University of Technology,Beijing 100144,China)

机构地区：[1]中国南方电网公司重点实验室电网自动化实验室,广州510080 [2]广东电网有限责任公司电力科学研究院,广州510080 [3]北京航空航天大学计算机学院,北京100191 [4]北京航空航天大学网络空间安全学院,北京100191 [5]北方工业大学信息学院,北京100144

出　　处：《计算机科学》2024年第8期371-378,共8页Computer Science

基　　金：国家自然科学基金(U2333205,62302025,62276017);国家电网有限公司总部科技项目(5108-202303439A-3-2-ZN);南方电网公司科技项目(GDDKY2021KF03);2022绿盟科技“鲲鹏”科研基金(CCF-NSFOCUS202210)。

摘　　要：C&C服务器是网络攻击者用于控制僵尸主机的中间服务器,在僵尸网络中处于核心位置。为增强C&C服务器的隐蔽性,网络攻击者使用域名生成算法来隐藏C&C服务器地址。近年来,域名生成算法检测技术作为检测僵尸网络的重要手段,已经成为一个研究热点。首先,介绍了当前网络安全的发展态势和僵尸网络的拓扑结构。其次,介绍了域名生成算法和相关数据集。接着,介绍了域名生成算法检测技术的分类,并对这些检测技术进行总结综述。最后,探讨了现阶段域名生成算法检测技术存在的问题,并对未来研究方向进行了展望。The C&C server is an intermediate server used by cyber attackers to control bots,and plays a key role in botnet.In order to enhance the concealment of the C&C server,cyber attackers use domain generation algorithms to hide the IP address of C&C server.In recent years,domain generation algorithm detection technology,as an important means of detecting botnets,has become a research hotspot.This paper first introduces the current development trend of cyber security and the topological structure of botnets.Secondly,the domain generation algorithm and the related dataset are introduced.Then,the classification of domain generation algorithm detection techniques is introduced,and these detection techniques are summarized.Finally,the pro-blems existing in the domain generation algorithm detection technology at the present stage are discussed,and the future research directions are prospected.

关 键 词：僵尸网络 C&C服务器 域名生成算法 域名生成算法检测 网络安全威胁 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]