DGA domain name detection method based on GAN and Char-CNN

A domain name detection and domain name technology, which is applied in the field of network security, can solve the problem of low recall rate of DGA domain name detection, and achieve the effect of improving the detection recall rate, fast learning speed, and improved detection recall rate

Active Publication Date: 2020-05-29
XIDIAN UNIV
View PDF3 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to address the above-mentioned deficiencies in the prior art, and propose a DGA domain name detection method based on GAN and Char-CNN, which is used to solve the problem of low recall rate of detection of low-randomness DGA domain names in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DGA domain name detection method based on GAN and Char-CNN
  • DGA domain name detection method based on GAN and Char-CNN
  • DGA domain name detection method based on GAN and Char-CNN

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0038] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0039] refer to figure 1 , the present invention comprises the following steps:

[0040] (1) Obtain training sample set and verification sample set:

[0041] (1a) sequentially select the top L popular domain names from the popular domain name set Alexa to form a training sample set A, L≥600000;

[0042] (1b) Randomly select M benign domain names with a category of 0 from the benign domain name set TRANCO, and mark the category of each benign domain name, and randomly select N DGA domain names with a category of 1 from the DGA domain name set DGArchive, and Label the category of each DGA domain name, then combine α*M benign domain names and α*N DGA domain names, and the labels corresponding to each domain name into a training sample set B, and combine the remaining M-α*M benign domain names and The remaining N-α*N DGA domain names a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a DGA domain name detection method based on a GAN and a Char-CNN, which is used for solving the problem of low detection recall rate of a low-randomness DGA domain name in the prior art, and comprises the implementation steps of obtaining a training sample set and a verification sample set; constructing a generative adversarial network (GAN) and a character-level convolutional neural network (Char-CNN); carrying out iterative training on the GAN; obtaining an augmented training set; carrying out iterative training on a character-level convolutional neural network Char-CNN; and detecting the domain name based on the trained character-level convolutional neural network Char-CNN '. According to the method, the GAN is used for generating the adversarial domain name to augment the data set, the richness of the training sample set is improved, the error rate of the detection model is reduced through the residual block structure, the detection recall rate of the low-randomness DGA domain name is increased. Meanwhile, hyper-parameters needing to be calculated by the Char-CNN are few, and the training time of the detection model is shortened.

Description

technical field [0001] The invention belongs to the technical field of network security, relates to a DGA domain name detection method, in particular to a DGA domain name detection method based on GAN and Char-CNN, which can be used for locating infected hosts, shutting down botnets and defending against network attacks. Background technique [0002] A DGA domain name is a domain name that is regularly generated using the domain name generation algorithm DGA (Domain Generation Algorithms) based on random seeds such as numbers, dates, and Twitter hotspots. Cyber ​​attackers register DGA domains as a medium for bots to communicate with command and control servers, and this large number of potential DGA domains makes it difficult for law enforcement to effectively shut down botnets. DGA domain names seriously threaten the security of network hosts, especially the new low-random DGA domain names are more concealed and more threatening. Effective detection of DGA domain names is ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F16/955G06N3/04G06N3/08H04L29/06
CPCG06F16/9566G06N3/08H04L63/1416G06N3/048G06N3/045
Inventor 杨超杨延洲苏锐丹郑昱尤伟陈明哲王潇皓
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap