
Malicious domain name detection method based on comparative learning under limited training samples

A technology for training samples and domain name detection, which is applied in the field of cyberspace security, can solve problems such as imbalance, and achieve the effect of improving classification efficiency and information utilization

Active Publication Date: 2022-02-25
SOUTHEAST UNIV

AI Technical Summary

Problems solved by technology

In existing studies, both ML and DL methods assume sufficient training samples (on the order of millions) and use only category weights to alleviate sample imbalance, so they do not adapt well to situations with limited training samples.


Embodiment Construction

[0050] The technical solutions provided by the present invention will be described in detail below in conjunction with specific examples. It should be understood that the following specific embodiments are only used to illustrate the present invention and are not intended to limit the scope of the present invention.

[0051] The present invention proposes a malicious domain name detection method based on comparative learning under limited training samples. As shown in Figure 1, the implementation comprises three parts. The first part trains the feature extractor based on the Siamese network: first obtain the limited domain name training sample set in label-encoded form and form positive and negative sample pairs according to their attributes, then design two BiLSTM-based sub-networks with the same structure and different weights, and then use the twin network framework to connect the two sub-networks to desi...


Abstract

The invention provides a malicious domain name detection method based on comparative learning under a limited training sample, and the method specifically comprises the steps: introducing a comparative learning thought to design a neural feature extractor based on a twin network, constructing similar / heterogeneous label coding domain name pairs, and carrying out training; inputting the obtained domain name neural feature vector set into a machine learning algorithm model, and conducting training to obtain a domain name classifier; and sequentially inputting the domain name to be detected into the feature extractor and the domain name classifier to obtain a discrimination result. According to the method, the problem of insufficient samples is relieved from the perspective of data, the features can be automatically extracted, and the features have high distinction degree, so that further detection is facilitated, malicious domain name samples can be more effectively detected, communication in malicious activities can be intercepted, further propagation of the communication is avoided, and therefore, the security defense and supervision capability on common hostile attack modes such as botnets and the like is improved.
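The pair-construction step described in the abstract, as an added example (not code from the patent): each domain is label-encoded and a small labelled set is expanded into similar/heterogeneous pairs. The alphabet, the fixed length of 32, the balancing step and the sample domains are assumptions made for illustration.

```python
import itertools
import random

# Assumed alphabet for label encoding; id 0 is reserved for padding.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-._"
CHAR_TO_ID = {ch: i + 1 for i, ch in enumerate(ALPHABET)}
MAX_LEN = 32  # assumed fixed input length for the two sub-networks


def label_encode(domain, max_len=MAX_LEN):
    """Map each character to an integer id, truncate, then right-pad with 0.

    Characters outside the assumed alphabet are dropped.
    """
    ids = [CHAR_TO_ID[ch] for ch in domain.lower() if ch in CHAR_TO_ID]
    ids = ids[:max_len]
    return ids + [0] * (max_len - len(ids))


def build_pairs(samples, seed=0):
    """Return balanced (enc_a, enc_b, same_class) training pairs.

    samples: list of (domain, label), label 0 = benign, 1 = malicious.
    same_class is 1 for a similar pair and 0 for a heterogeneous pair.
    """
    encoded = [(label_encode(d), y) for d, y in samples]
    similar, hetero = [], []
    for (xa, ya), (xb, yb) in itertools.combinations(encoded, 2):
        (similar if ya == yb else hetero).append((xa, xb, int(ya == yb)))
    # Assumption: down-sample the larger group so neither pair type dominates.
    rng = random.Random(seed)
    n = min(len(similar), len(hetero))
    pairs = rng.sample(similar, n) + rng.sample(hetero, n)
    rng.shuffle(pairs)
    return pairs


# Constructed sample set: three benign names and three random-looking names.
SAMPLES = [
    ("example.com", 0), ("wikipedia.org", 0), ("openstreetmap.org", 0),
    ("xkqzvbnwpl.net", 1), ("qwjhzrtyplm.info", 1), ("zzkvpqxw1a9.biz", 1),
]

if __name__ == "__main__":
    pairs = build_pairs(SAMPLES)
    print(len(SAMPLES), "samples ->", len(pairs), "pairs")
```

Six labelled domains yield fifteen candidate pairs before balancing, which is how pairing eases the limited-sample problem from the data side.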

Description

Technical field

[0001] The invention belongs to the technical field of cyberspace security, and relates to a method for detecting malicious domain names based on comparative learning under limited training samples.

Background technique

[0002] Some common malicious attack modes, such as botnets, phishing websites, and ransomware, pose a huge threat to normal network activities and become a research hotspot in the security field. Domain names play a pivotal role in these malicious activities. Attackers use Domain Generation Algorithms (DGA) to generate a large number of alternative malicious domain names (called Algorithmically-Generated Domains, AGD) and select a small number for registration. Due to the large number of such malicious domain names, rapid changes, and short life cycle, traditional blacklist security detection methods are ineffective against these attack modes. The zombie host can establish a connection with a remote command and control server (Command&Cont...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, G06K9/62, G06N3/04, G06N3/08
CPC: H04L63/1483, G06N3/08, H04L2463/144, H04L2463/146, G06N3/044, G06F18/254, G06F18/259, G06F18/241
Inventor: 胡晓艳, 栗淼, 程光, 吴桦, 龚俭
Owner SOUTHEAST UNIV