DGA malicious domain name identification based on XGBoost and particle swarm optimization algorithm

CHEN Zesheng; ZHOU Min; FENG Lichun; CHEN Weijie

doi:10.11959/j.issn.1000-436x.2024237

您当前的位置：

首页 >

文章列表页 >

DGA malicious domain name identification based on XGBoost and particle swarm optimization algorithm

Cyber Security | 更新时间：2024-12-31

- DGA malicious domain name identification based on XGBoost and particle swarm optimization algorithm
- Journal on Communications Vol. 45, Issue Z2, Pages: 27-32(2024)
- 作者机构：
  
  广州美术学院信息技术中心，广东广州 510006
- 作者简介：
- 基金信息：
  
  Guangzhou Academy of Fine Arts Academic Improvement Program(24XS38)
- DOI：10.11959/j.issn.1000-436x.2024237
  CLC： TP3.2.2
- Received：21 October 2024，
  
  Published：30 November 2024
- 稿件说明：
移动端阅览
陈泽生,周敏,冯李春等.基于XGBoost和粒子群优化算法的DGA恶意域名识别[J].通信学报,2024,45(Z2):27-32.

CHEN Zesheng,ZHOU Min,FENG Lichun,et al.DGA malicious domain name identification based on XGBoost and particle swarm optimization algorithm[J].Journal on Communications,2024,45(Z2):27-32.
陈泽生,周敏,冯李春等.基于XGBoost和粒子群优化算法的DGA恶意域名识别[J].通信学报,2024,45(Z2):27-32. DOI： 10.11959/j.issn.1000-436x.2024237.

CHEN Zesheng,ZHOU Min,FENG Lichun,et al.DGA malicious domain name identification based on XGBoost and particle swarm optimization algorithm[J].Journal on Communications,2024,45(Z2):27-32. DOI： 10.11959/j.issn.1000-436x.2024237.

摘要

恶意域名生成算法（DGA）已成为一种常见的网络攻击手段，为了提高对DGA恶意域名的检测能力，提出了一种基于XGBoost和粒子群优化（PSO）算法的恶意域名识别方法。首先，以交叉验证准确率作为评估指标，使用PSO算法对XGBoost进行超参数寻优，然后基于XGBoost进行分类识别。实验结果显示，经过PSO优化的XGBoost模型在DGA恶意域名分类识别中性能得到提升，相较于其他分类模型，在准确率、精确率、召回率和F1分数等评价指标上获得了更优的效果。研究表明，结合PSO算法进行参数能够有效地提升XGBoost模型在DGA恶意域名识别任务中的表现。

Abstract

Domain generation algorithms (DGA) have become a common method of network attacks. To enhance the detection capability for DGA malicious domains

a method for malicious domain identification based on XGBoost and particle swarm optimization (PSO) algorithms was proposed. Firstly

using cross-validation accuracy as the evaluation metric

the PSO algorithm was employed to optimize the hyperparameters of XGBoost

followed by classification and identification using XGBoost. Experimental results demonstrate that the XGBoost model optimized by PSO exhibits improved performance in DGA malicious domain classification. Compared to other classification models

it achieves better results in metrics such as accuracy

precision

recall

and F1_score. The study indicates that integrating PSO for parameter selection effectively enhances the performance of XGBoost in DGA malicious domain identification tasks.

关键词

Keywords

references

国家互联网应急中心 . 2020年中国互联网网络安全报告 [R ] . (2021-07-21)[2024-08-11 ] .

俞意 , 李建华 , 沈晨 , 等 . IoT僵尸网络传播大规模测量研究 [J ] . 计算机时代 , 2023 ( 9 ): 37 - 42, 47 .

YU Y , LI J H , SHEN C , et al . Large-scale measurement study of IoT botnet infection behavior [J ] . Computer Era , 2023 ( 9 ): 37 - 42, 47 .

赵科军 . 基于深度学习的DGA域名检测与生成方法研究 [D ] . 济南 : 山东大学 , 2024 .

杨帆 , 乌景秀 , 范子武 , 等 . 快速综合学习粒子群优化算法 [J/OL ] . 水利水电技术(中英文) , ( 2024-07-24 )[ 2024-10-20 ] .

KÜHRER M , ROSSOW C , HOLZ T . Paint it black: evaluating the effectiveness of malware blacklists [C ] // Proceedings of Research in Attacks, Intrusions and Defenses . Cham : Springer International Publishing , 2014 : 1 - 21 .

黄凯 , 傅建明 , 黄坚伟 , 等 . 一种基于字符及解析特征的恶意域名检测方法 [J ] . 计算机仿真 , 2018 , 35 ( 3 ): 287 - 292 .

HUANG K , FU J M , HUANG J W , et al . A malicious domain detection approach based on character and resolution features [J ] . Computer Simulation , 2018 , 35 ( 3 ): 287 - 292 .

VRANKEN H , ALIZADEH H . Detection of DGA-generated domain names with TF-IDF [J ] . Electronics , 2022 , 11 ( 3 ): 414 .

赵正利 , 姜鹏 , 仲国强 , 等 . 基于SVM-RFE和粒子群优化算法的恶意域名检测模型 [J ] . 福州大学学报(自然科学版) , 2023 , 51 ( 5 ): 634 - 638 .

ZHAO Z L , JIANG P , ZHONG G Q , et al . A SVM-RFE and particle swarm optimization based detection model for malicious domain names [J ] . Journal of Fuzhou University (Natural Science Edition) , 2023 , 51 ( 5 ): 634 - 638 .

HOANG X D , VU X H . An improved model for detecting DGA botnets using random forest algorithm [J ] . Information Security Journal: A Global Perspective , 2022 , 31 ( 4 ): 441 - 450 .

盛振威 , 徐国天 . 基于融合CNN与GRU的DGA恶意域名检测方法 [J ] . 网络安全技术与应用 , 2022 ( 12 ): 29 - 32 .

SHENG Z W , XU G T . Detection method of DGA malicious domain Name based on fusion of CNN and GRU [J ] . Network Security Technology & Application , 2022 ( 12 ): 29 - 32 .

SHAHZAD H , SATTAR A R , SKANDARANIYAM J . DGA domain detection using deep learning [C ] // Proceedings of 2021 IEEE 5th International Conference on Cryptography, Security and Privacy . Piscataway : IEEE Press , 2021 : 139 - 143 .

林思明 , 陈腾跃 , 梁煜麓 . 基于BiLSTM神经网络的DGA域名检测方法 [J ] . 网络安全技术与应用 , 2019 ( 1 ): 15 - 17 .

LIN S M , CHEN T Y , LIANG Y L . Detection method of DGA domain Name based on BiLSTM neural network [J ] . Network Security Technology & Application , 2019 ( 1 ): 15 - 17 .

闫莉莉 . 基于神经网络的恶意DGA域名检测技术研究 [D ] . 济南 : 齐鲁工业大学 , 2024 .

YAN L L . Research on malicious DGA domain Name detection technology based on neural network [D ] . Jinan : Qilu University of Technology , 2024 .

郝旭光 . 基于注意力特征融合网络的DGA恶意域名检测方法 [J ] . 网络安全与数据治理 , 2024 , 43 ( 1 ): 19 - 27 .

HAO X G . A DGA malicious domain detection method based on attention feature fusion network [J ] . Cyber Security and Data Governance , 2024 , 43 ( 1 ): 19 - 27 .

Views

1366

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

CPDGA: foresee future DGA using proactive conformal propagation

Research on scenario recognition for THz channels based on mRMR-GA

Abnormal traffic detection method based on multi-scale attention feature enhancement

Network intrusion detection method based on VAE-CWGAN and fusion of statistical importance of feature

Parallel deep forest algorithm based on Spark and three-way interactive information

Related Author

LIU Shuangshuang

WANG Zhi

DONG Yimeng

LI Wanpeng

HAO Xinyu

LIAO Xi

WANG Yang

LIN Feng

Related Institution

College of Computer Science, University of Liverpool, Liverpool BX

College of Cryptology and Cyber Science, Nankai University

School of Communication and Information Engineering, Chongqing University of Posts and Telecommunications

School of Information Engineering, Yangzhou University

School of Computer Science and Technology, Civil Aviation University of China

AI问答

⁰