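1. Information Technology Center, Zhejiang University, Hangzhou, Zhejiang 310027
2. College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang 310027
3. School of Cyber Science and Technology, Zhejiang University, Hangzhou, Zhejiang 310027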
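SHAN Kangkang (1984- ), male, born in Dongyang, Zhejiang, is a senior engineer at Zhejiang University. His main research interests include computer architecture, computer network security, and server systems.
YUAN Shuhong (1974- ), female, born in Dazhou, Sichuan, is a senior engineer at Zhejiang University. Her main research interests include network information security and next-generation network technology.
CHEN Wenzhi (1969- ), male, born in Tiandong, Guangxi, Ph.D., is a professor and doctoral supervisor at Zhejiang University. His main research interests include embedded real-time systems, distributed computing, virtualization technology, and trusted computing.
WANG Zhibo (1984- ), male, born in Hangzhou, Zhejiang, Ph.D., is a professor and doctoral supervisor at Zhejiang University. His main research interests include artificial intelligence security, data security and privacy protection, and edge intelligence and security.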
Received: 2024-10-21
Print publication date: 2024-11-30
SHAN Kangkang, YUAN Shuhong, CHEN Wenzhi, et al. Malicious DNS traffic detection based neural networks[J]. Journal on Communications, 2024, 45(Z2): 1-6. DOI: 10.11959/j.issn.1000-436x.2024232.
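To address the low efficiency of traffic feature extraction and the low detection accuracy and detection speed of current machine-learning approaches to malicious DNS traffic detection, a malicious DNS traffic detection method, FDS-DL, is proposed that combines frequency-domain feature aggregation analysis with a neural network algorithm. First, the discrete Fourier transform converts DNS traffic from the time domain to the frequency domain, greatly compressing the data volume while retaining the key information in the traffic; then, a convolutional neural network classifies the processed frequency-domain sequence data. Experimental results show that, compared with several current mainstream detection methods, FDS-DL achieves the best detection accuracy and F1_score on malicious DNS traffic.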
To solve the problems of low detection accuracy and speed caused by low efficiency in extracting traffic features when using machine learning to detect malicious DNS traffic, a malicious DNS traffic detection method, FDS-DL, was proposed, which combines frequency-domain feature aggregation analysis and neural network algorithms. Firstly, DNS traffic was converted from time-domain space to frequency-domain space through the discrete Fourier transform, which could significantly compress the data scale while retaining key log information. Then, a convolutional neural network was used to classify the processed frequency-domain sequence data. The experimental results show that, compared with several mainstream detection methods, FDS-DL has a higher accuracy in identifying malicious DNS traffic and its F1_score is optimal.
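As an added illustration (not code from the paper), the sketch below shows the kind of frequency-domain step the abstract describes: a per-client DNS time series is split into windows, each window is transformed with a DFT, and the spectra are averaged into a short feature vector that a classifier could consume. The queries-per-second signal, the 32-sample window, mean aggregation, the `peak_ratio` helper and both sample series are assumptions made for this example; the abstract does not specify them, and the CNN stage is omitted.

```python
import cmath
import math


def dft_magnitudes(window):
    """Normalised DFT magnitudes for bins 0..n/2 of a real-valued window (naive O(n^2))."""
    n = len(window)
    mags = []
    for k in range(n // 2 + 1):  # real input: upper half mirrors the lower half
        acc = sum(x * cmath.exp(-2j * math.pi * k * t / n) for t, x in enumerate(window))
        mags.append(abs(acc) / n)
    return mags


def aggregate_spectrum(series, window=32):
    """Average per-window spectra: len(series) samples -> window // 2 + 1 features."""
    chunks = [series[i:i + window] for i in range(0, len(series) - window + 1, window)]
    if not chunks:
        raise ValueError("series shorter than one window")
    spectra = [dft_magnitudes(c) for c in chunks]
    return [sum(col) / len(spectra) for col in zip(*spectra)]


def peak_ratio(spectrum):
    """Strongest non-DC bin over the mean non-DC bin (assumed heuristic, not the paper's).

    A high value means the energy sits in a few bins, i.e. the traffic is periodic.
    """
    body = spectrum[1:]
    mean = sum(body) / len(body)
    return max(body) / mean if mean > 0 else 0.0


# Constructed samples: DNS queries per second from one client over 128 seconds.
BEACON = [5 if t % 8 == 0 else 0 for t in range(128)]  # fixed 8-second check-in
BURSTY = [0] * 128
for t in (3, 49, 73, 126):                             # isolated, irregular bursts
    BURSTY[t] = 5

if __name__ == "__main__":
    for name, series in (("beacon", BEACON), ("bursty", BURSTY)):
        spec = aggregate_spectrum(series)
        print(f"{name}: {len(series)} samples -> {len(spec)} features, "
              f"peak ratio {peak_ratio(spec):.2f}")
```

The periodic series concentrates its energy in bin 4 (32-sample window divided by the 8-second period) and its harmonics, while the irregular bursts produce a flat spectrum, so the timing structure survives the reduction from 128 samples to 17 values.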