摘要
目前,网络安全问题层出不穷,特别是近年来以域名为依托的攻击,如勒索软件、垃圾邮件、DDos攻击等,成为网络安全威胁的重要表现形式。以域名攻击技术为主要攻击方式的网络威胁,经历了从传统的机器学习的检测方法到主流的深度学习检测方法的转变。发现神经网络能够很好地自学习恶意域名特征,并能提供更高的检测率。但随着检测技术的不断提高,攻击者提出了更智能的DGA域名来规避神经网络的检测,在后续的基于这些DGA变体的检测成为目前域名检测技术的主要研究方向。随着生成对抗网络在域名检测方面的应用,Anderson等提出利用GAN来生成对抗样本提高检测,为域名的检测发展提出新的发展方向。最后,总结域名检测的发展概况及其存在的问题,并对域名检测的可发展点做出展望。
At present, network security issues are emerging, especially in recent years, domain-based attacks, such as ransomware, spam, DDos attacks, etc., have become an important manifestation of cyber security threats. The network threat with domain name attack technology as the main attack mode has experienced a transition from the traditional machine learning detection method to the mainstream deep learning detection method. It is found that the neural network can self-learn the malicious domain name feature and provide a higher detection rate. However, with the continuous improvement of detection technology, attackers have proposed smarter DGA domain names to avoid the detection of neural networks. The subsequent detection based on these DGA variants has become the main research direction of domain name detection technology. With the application of the anti-network in domain name detection, Anderson et al. proposed to use GAN to generate anti-sample detection, which proposed a new development direction for the development of domain name detection. Finally, we summarized the development of domain name detection and its existing problems, and prospected the development of domain name detection.
作者
王媛媛
吴春江
刘启和
谭浩
周世杰
Wang Yuanyuan;Wu Chunjiang;Liu Qihe;Tan Hao;Zhou Shijie(School of Information and Software Engineering, University of Electronic Science and Technology, Chengdu 610054, Sichuan, China)
出处
《计算机应用与软件》
北大核心
2019年第9期310-316,共7页
Computer Applications and Software
基金
四川省重大专项(2018GZDZX0006,2017GZDZX0002,2018GZDZX0007)
关键词
DGA算法
恶意域名
检测技术
模型
深度学习
DGA algorithm
Malicious domain name
Detection technology
Model
Deep learning
作者简介
王媛媛,硕士生,主研领域:网络安全;吴春江,博士生;刘启和,副教授;谭浩,副教授;周世杰,教授。
