基于神经网络的恶意DNS流量检测方法
Malicious DNS traffic detection based neural networks
- 通信学报 2024年45卷第Z2期 页码:1-6
- 作者机构:
1.浙江大学信息技术中心,浙江 杭州 310027
2.浙江大学计算机科学与技术学院,浙江 杭州 310027
3.浙江大学网络空间安全学院,浙江 杭州 310027
- 作者简介:
[ "单康康(1984- ),男,浙江东阳人,浙江大学高级工程师,主要研究方向为计算机体系结构、计算机网络安全、服务器系统研究等。" ]
[ "袁书宏(1974- ),女,四川达州人,浙江大学高级工程师,主要研究方向为网络信息安全、下一代网络技术。" ]
[ "陈文智(1969- ),男,广西田东人,博士,浙江大学教授、博士生导师,主要研究方向为嵌入式实时系统、分布式计算、虚拟化技术与可信计算等。" ]
[ "王志波(1984- ),男,浙江杭州人,博士,浙江大学教授、博士生导师,主要研究方向为人工智能安全、数据安全与隐私保护、边缘智能与安全等。" ]
- 基金信息:未来互联网试验设施FITI项目试验节点建设资助项目(发改高技[2016]2533号);中国高校产学研创新基金资助项目(2022HS046)
DOI:10.11959/j.issn.1000-436x.2024232
中图分类号: TP309收稿:2024-10-21,
纸质出版:2024-11-30
- 稿件说明:
移动端阅览
单康康,袁书宏,陈文智等.基于神经网络的恶意DNS流量检测方法[J].通信学报,2024,45(Z2):1-6.
SHAN Kangkang,YUAN Shuhong,CHEN Wenzhi,et al.Malicious DNS traffic detection based neural networks[J].Journal on Communications,2024,45(Z2):1-6.
单康康,袁书宏,陈文智等.基于神经网络的恶意DNS流量检测方法[J].通信学报,2024,45(Z2):1-6. DOI: 10.11959/j.issn.1000-436x.2024232.
SHAN Kangkang,YUAN Shuhong,CHEN Wenzhi,et al.Malicious DNS traffic detection based neural networks[J].Journal on Communications,2024,45(Z2):1-6. DOI: 10.11959/j.issn.1000-436x.2024232.
摘要
针对目前机器学习检测恶意DNS流量提取流量特征方面的效率不高、检测准确率和检测速度较低等问题,提出了一种结合频域特征聚合分析和神经网络算法的恶意DNS流量检测方法FDS-DL。首先,通过离散傅里叶变换将DNS流量从时域空间转换到频域空间,在保留流量关键信息的同时大幅压缩数据规模;然后,利用卷积神经网络对处理后的频域序列数据进行分类。实验结果表明,与当前主流的几种检测方法相比,FDS-DL对恶意DNS流量的检测精度和F1_score性能最优。
Abstract
To solve the problems of low detection accuracy and speed caused by low efficiency in extracting traffic features using machine learning to detect malicious DNS traffic
a malicious DNS traffic detection method FDS-DL was proposed
which combines frequency domain feature aggregation analysis and neural networks algorithms. Firstly
DNS traffic was converted from time-domain space to frequency-domain space through discrete Fourier transform
which could significantly compress the data scale while retaining key log information. Then
convolutional neural network was used to classify the processed frequency domain sequence data. The experimental results show that compared with several mainstream detection methods
FDS-DL has a higher accuracy in identifying malicious DNS traffic and F1_score is optimal.
关键词
Keywords
references
CrowdStrike . 2023 Global Threat Report [R ] . 2023
International Data Corporation . 2022 Global DNS Threat Report [R ] . 2022 .
GRILL M , NIKOLAEV I , VALEROS V , et al . Detecting DGA malware using NetFlow [C ] // Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management . Piscataway : IEEE Press , 2015 : 1304 - 1309 .
GAO J , ZHAO W H , ZHANG X , et al . MRI analysis of the ISOBAR TTL internal fixation system for the dynamic fixation of intervertebral discs: a comparison with rigid internal fixation [J ] . Journal of Orthopaedic Surgery and Research , 2014 , 9 ( 1 ): 43 .
SCHÜPPEN S , TEUBERT D , HERRMANN P , et al . FANCI: feature-based automated NXDomain classification and intelligence [C ] // Proceedings of the 27th USENIX Security Symposium . Berkeley : USENIX Association , 2018 : 1165 - 1181 .
CASINO F , LYKOUSAS N , HOMOLIAK I , et al . Intercepting hail hydra: real-time detection of algorithmically generated domains [J ] . Journal of Network and Computer Applications , 2021 , 190 : 103135 .
ALAEIYAN M , PARSA S , P V , et al . Detection of algorithmically-generated domains: an adversarial machine learning approach [J ] . Computer Communications , 2020 , 160 : 661 - 673 .
ZHANG H , GHARAIBEH M , THANASOULAS S , et al . BotDigger: detecting DGA bots in a single network [C ] // Proceedings of the Traffic Monitoring and Analysis . Berlin : Springer , 2016 : 1 - 8 .
TRAN H , NGUYEN A , VO P , et al . DNS graph mining for malicious domain detection [C ] // Proceedings of the 2017 IEEE International Conference on Big Data . Piscataway : IEEE Press , 2017 : 4680 - 4685 .
PENG C , YUN X , ZHANG Y , et al . MalShoot: shooting malicious domains through graph embedding on passive DNS data [C ] // Proceedings of the Collaborative Computing: Networking, Applications and Worksharing . Berlin : Springer , 2019 : 488 - 503 .
YIN L H , LUO X , ZHU C S , et al . ConnSpoiler: disrupting C&C communication of IoT-based botnet through fast detection of anomalous domain queries [J ] . IEEE Transactions on Industrial Informatics , 2020 , 16 ( 2 ): 1373 - 1384 .
SUN X Q , WANG Z L , YANG J H , et al . Deepdom: Malicious domain detection with scalable and heterogeneous graph convolutional networks [J ] . Computers & Security , 2020 , 99 : 102057 .
WOODBRIDGE J , ANDERSON H S , AHUJA A , et al . Predicting domain generation algorithms with long short-term memory networks [J ] . arXiv Preprint , arXiv: 1611.00791 , 2016 .
TRAN D , MAC H , TONG V , et al . A LSTM based framework for handling multiclass imbalance in DGA botnet detection [J ] . Neurocomputing , 2018 , 275 : 2401 - 2413 .
VINAYAKUMAR R , SOMAN K P , POORNACHANDRAN P , et al . Evaluating deep learning approaches to characterize and classify the DGAs at scale [J ] . Journal of Intelligent & Fuzzy Systems , 2018 , 34 ( 3 ): 1265 - 1276 .
STÉPHANE C , BLAKE S . A stable and open method for ranking domains [C ] // Proceedings of the Internet Measurement Conference) . New York : ACM Press , 2019 : 1 - 7 .
0
浏览量
680
下载量
0
CSCD
- 网络PDF下载
- WORD下载
- XML下载
- Meta-XML下载
- BibTeX下载
- Endnote下载
- RefMan 下载
- NoteExpress下载
- NoteFirst下载
关联资源
相关文章
相关作者
相关机构
AI问答- 技术支持由北京北大方正电子有限公司提供 京ICP备09064830号-19
京公网安备11010802024621 - 本系统建议在Chrome、 IE9+ 以上版本浏览器阅读本站内容,360浏览器请切换至极速模式
- Cookies帮助我们提供服务并提供个性化体验。使用本网站,即表示您同意我们使用Cookies
- 总访问量:583619 今日访问量:1435