Malicious DNS traffic detection based neural networks
Cyber Security | Updated: 2024-12-31
Journal on Communications, Vol. 45, Issue Z2, Pages: 1-6 (2024)
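Author affiliations:
1. Information Technology Center, Zhejiang University, Hangzhou, Zhejiang 310027
2. College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang 310027
3. School of Cyber Science and Technology, Zhejiang University, Hangzhou, Zhejiang 310027
Funding:
Future Internet Experimental Facility FITI Project Experimental Node Construction (NDRC High-Tech [2016] No. 2533); Industry-University-Research Innovation Fund for Chinese Universities (2022HS046)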
SHAN Kangkang, YUAN Shuhong, CHEN Wenzhi, et al. Malicious DNS traffic detection based neural networks [J]. Journal on Communications, 2024, 45(Z2): 1-6. DOI: 10.11959/j.issn.1000-436x.2024232.
To solve the problems of low detection accuracy and speed caused by low efficiency in extracting traffic features when using machine learning to detect malicious DNS traffic, a malicious DNS traffic detection method, FDS-DL, was proposed, which combines frequency-domain feature aggregation analysis and neural network algorithms. Firstly, DNS traffic was converted from time-domain space to frequency-domain space through the discrete Fourier transform, which could significantly compress the data scale while retaining key log information. Then, a convolutional neural network was used to classify the processed frequency-domain sequence data. The experimental results show that, compared with several mainstream detection methods, FDS-DL has a higher accuracy in identifying malicious DNS traffic, and its F1_score is optimal.
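
The time-domain to frequency-domain step described in the abstract, as an added illustration that is not the paper's code: a window of per-client DNS query times is binned, transformed with a discrete Fourier transform, and reduced from 64 samples to 9 features. The one-second bins, 64-second window, band-sum aggregation and sample clients are assumptions, since the page does not specify FDS-DL's features; the CNN classifier is omitted.

```python
import cmath
import math

def bin_counts(timestamps, window=64, bin_size=1.0):
    """Time-domain sequence: DNS queries per bin over [0, window) seconds."""
    counts = [0] * int(window / bin_size)
    for t in timestamps:
        i = math.floor(t / bin_size)
        if 0 <= i < len(counts):
            counts[i] += 1
    return counts

def dft_magnitudes(seq):
    """|X[k]| for k = 0..N/2; for real input the upper half mirrors the lower."""
    n = len(seq)
    return [abs(sum(x * cmath.exp(-2j * math.pi * k * i / n)
                    for i, x in enumerate(seq)))
            for k in range(n // 2 + 1)]

def frequency_features(timestamps, window=64, bands=8):
    """DC term plus `bands` summed magnitude bands (assumed aggregation)."""
    mags = dft_magnitudes(bin_counts(timestamps, window))
    ac = mags[1:]                      # non-DC coefficients, k = 1..N/2
    width = len(ac) // bands
    return [mags[0]] + [sum(ac[b * width:(b + 1) * width])
                        for b in range(bands)]

# Constructed samples: one client querying every 8 s (beacon-like) and one
# client issuing a single 8-query burst (page-load-like). Both send 8 queries,
# so the raw query count alone cannot separate them.
BEACON = [8.0 * j for j in range(8)]
BURST = [10.0 + j for j in range(8)]

if __name__ == "__main__":
    for name, ts in (("beacon", BEACON), ("burst", BURST)):
        print(name, [round(v, 2) for v in frequency_features(ts)])
```

The periodic client produces a comb of equal peaks at multiples of its query rate, while the burst concentrates its energy in the lowest band; a classifier would be trained on vectors of this kind.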