Malicious domain name detection method based on SMOTE and BI-LSTM network

A domain name detection technology, applied in the field of network security, that addresses problems such as passive defense, difficult domain name detection and low efficiency.

Inactive Publication Date: 2019-04-12
FUZHOU UNIV

AI Technical Summary

Problems solved by technology

[0004] Under the background of the rapid development of global network informatization, the existing methods mostly have problems such as low efficiency, unsatisfactory detection accuracy and passive defen


Embodiment Construction

[0064] The present invention is further described below with reference to the accompanying drawings and embodiments.

[0065] The present invention provides a malicious domain name detection method based on SMOTE and BI-LSTM, comprising the following steps:

[0066] Step A: Collect a number of normal domain names and malicious domain names to form a training set;

[0067] Step B: Preprocess the domain names in the training set to obtain the domain name character sequence training set D;

[0068] Step B1: Create a Label array to store the attributes of the domain name, and label the training set;

[0069] Step B2: Create a domain name character dictionary, convert the domain names in the training set into character vectors, and obtain the domain name character sequence training set D.

[0070] Step B21: Create a domain name character dictionary and initialize it to be empty. Each element in the dictionary is in the form of , where c is a character and f is...
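Steps B1 and B2 sketched in Python, as an added example that is not taken from the patent. The index-by-first-appearance dictionary, the reserved indices 0 (padding) and 1 (unseen character), the left-padding and the keep-the-rightmost truncation are assumptions, since the patent's own dictionary element format is cut off above; the sample domains are constructed.

```python
from collections import Counter

PAD, UNK = 0, 1  # assumed reserved indices: padding and unseen character


def label_training_set(benign, malicious):
    """Step B1: return (domains, labels) with 0 = normal, 1 = malicious."""
    domains = [d.strip().lower().rstrip(".") for d in benign + malicious]
    labels = [0] * len(benign) + [1] * len(malicious)
    return domains, labels


def build_char_dictionary(domains):
    """Step B2/B21: start from an empty dictionary, add each new character."""
    char_to_index = {}
    for domain in domains:
        for ch in domain:
            if ch not in char_to_index:
                char_to_index[ch] = len(char_to_index) + 2  # 0 and 1 reserved
    return char_to_index


def encode(domain, char_to_index, max_len):
    """Convert one domain into a fixed-length, left-padded index vector."""
    normalized = domain.strip().lower().rstrip(".")
    indices = [char_to_index.get(ch, UNK) for ch in normalized]
    indices = indices[-max_len:]  # assumption: keep the rightmost characters
    return [PAD] * (max_len - len(indices)) + indices


def class_balance(labels):
    """Return (normal, malicious) counts; the gap is what SMOTE has to close."""
    counts = Counter(labels)
    return counts[0], counts[1]


# Constructed sample data under reserved example names, not real indicators.
BENIGN = ["example.com", "Example.org.", "mail.example.net"]
MALICIOUS = ["xkqzvbtrwp.example"]

DOMAINS, LABELS = label_training_set(BENIGN, MALICIOUS)
CHAR_DICT = build_char_dictionary(DOMAINS)
TRAINING_SET_D = [encode(d, CHAR_DICT, max_len=20) for d in DOMAINS]

if __name__ == "__main__":
    print("class balance (normal, malicious):", class_balance(LABELS))
    print("first encoded domain:", TRAINING_SET_D[0])
```

A domain seen only at judgment time may contain characters that never occurred in training; mapping them to the reserved unknown index keeps the encoder from failing on such input.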


Abstract

The invention relates to a malicious domain name detection method based on SMOTE and BI-LSTM. The method comprises the following steps: preprocessing the domain names in a training set to obtain a domain name character sequence training set D; performing balanced data synthesis on the domain name character sequence training set D using an improved SMOTE algorithm to obtain an enhanced and balanced training set D'; constructing and initializing a neural network model comprising a BI-LSTM layer and a fully connected layer; converting the domain names in the training set D' into fixed-length representation vectors; inputting the representation vectors of the domain names obtained in step D into the BI-LSTM layer of the neural network model to obtain context vectors of the domain names; inputting the context vectors of the domain names into the fully connected layer of the neural network model to obtain a trained neural network model; and converting the domain names to be judged into character sequences, inputting them into the trained neural network model, and outputting a judgment result.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method for detecting malicious domain names based on SMOTE and BI-LSTM.

Background technique

[0002] DGA (Domain Name Generation Algorithm) is a technique that uses random characters to generate C&C domain names in order to evade domain name blacklist detection. To block the C2 (Command & Control) traffic that DGAs produce, security organizations must first recover the DGA algorithm through reverse engineering and then generate the list of domains for a given seed, so that malicious domain names can be dealt with in a timely manner. DGA technology greatly increases the difficulty of combating and shutting down centrally structured botnets (such as the Conficker-A / B / C botnets, the Kraken botnet, etc.): botnets use this technology to generate domain names dynamically in order to avoid domain name blacklists. Faced with this situation, inspectors need to detect and identify the DGA...


Application Information

IPC(8): H04L29/06, H04L29/12, G06N3/02, G06N3/08, G06K9/62
CPC: H04L63/1416, G06N3/02, G06N3/08, H04L61/4511, G06F18/2413
Inventor: 陈羽中, 张毓东
Owner: FUZHOU UNIV