摘要
针对DGA域名难以检测的问题,构建了一种面向字符的采用深度学习的DGA域名检测模型,模型由字符嵌入层、特征检测层和分类预测层组成。字符嵌入层实现对输入DGA域名的数字编码;特征检测层采用深度学习模型自动提取特征;分类预测层采用全连接网络进行分类预测。为了选取最优的特征提取模型,分析比较了采用Bidirectional机制、Stack机制和Attention机制的LSTM模型与GRU模型,CNN模型,以及将CNN模型分别与LSTM模型和GRU模型相组合的模型。结果表明,与LSTM和GRU模型相比,采用Stack机制、前向Attention机制结合Bidirectional机制的LSTM和GRU模型,CNN模型,CNN模型与LSTM和GRU相组合的模型可提升模型的检测效果,但采用CNN和Bi-GRU组合构建的DGA域名检测模型可获得最优的检测效果。
For solving the problem of detection diffculty of the DGA domain name,this paper proposed a new DGA domain detection model from the viewpoint of character level by deep learning model.The model consisted of character embedding layer,feature detection layer and classification prediction layer.The character embedding layer realizes the digital encoding of DGA domain.The feature detection layer adopts the deep learning model to extract features automati-cally,and the classification prediction layer adopts neural network for classification prediction.In order to select the optimal model of feature extraction,the LSTM and GRU models using Bidirectional mechanism,Stack mechanism,Attention mechanism,CNN models and CNN models integrated respectively with LSTM and GRU model were compared.The results show that the LSTM and GRU models using Stack mechanism and Attention mechanism integrated with Bidirectional mechanism,CNN models and CNN models integrated with LSTM and GRU model can improve the detection effect.The DGA domain detection model using CNN model integrated with Bi-GRU can obtain the optimum detection effect.
作者
裴兰珍
赵英俊
王哲
罗赟骞
PEI Lan-zhen;ZHAO Ying-jun;WANG Zhe;LUO Yun-qian(School of Air and Missile Defense,Air Force Engineering University,Xi'an 710051,China;Army 95899 of PLA,Beijing 100085,China)
出处
《计算机科学》
CSCD
北大核心
2019年第5期111-115,共5页
Computer Science
基金
全军军事学研究生课题项目(2014JY514)资助
关键词
网络空间安全
深度学习
动态域名生成算法
卷积神经网络
门控循环单元
长短期记忆网络
Cyberspace security
Deep learning
Danamic domain generation algorithms
Convolutional neural network
Gatedrecurrent unit
Long short-term memory
作者简介
裴兰珍(1982-),女,博士生,工程师,主要研究方向为装备作战运用与保障、软件测试,E-mail:peilanzhen2018@163.com;通信作者:赵英俊(1966-),男,博士,教授,博士生导师,主要研究方向为装备作战运用与保障,E-mail:zhaoyingjun2018@163.com;王哲(1985-),男,博士生,讲师,主要研究方向为装备作战使用与保障;罗赟骞(1981-),男,博士后,工程师,CCF会员,主要研究方向为网络空间安全。
