DGA domain name detection method and system, medium, equipment and terminal

A domain name detection technology, applied in the field of computer networks, that addresses two problems of existing methods: they cannot deal with DGA domain names from variant DGA families, and they cannot meet the learning requirements of extremely difficult and extremely unbalanced classes. It aims to classify quickly and accurately, improve classification accuracy, and reduce time.

Pending Publication Date: 2022-07-29
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0005] (1) The current attack methods are gradually combined with new technologies such as big data and artificial intelligence, and are constantly updated and iterated. None of the existing methods can deal with the variant DGA family and those DGA domain names that are increasingly similar to legitimate domain names.
[0006] (2) In the real and complex network environment, the existing methods cannot cope with the extreme imbalance between "a large number of normal legal domain names with a wide distribution of characteristics" and "domain names of DGA families with an unbalanced distribution of characteristics and samples that are difficult to obtain", nor with the resulting small-sample learning requirements.

Examples


Embodiment 1

[0058] The DGA domain name detection method based on the twin (Siamese) architecture provided by the embodiment of the present invention includes: sample pairing rules for pairing and using each type of domain name; the twin architecture model Siam-BLA for fitting the domain name feature space, which comprises a preprocessing layer, an embedding layer, a feature extraction layer and a similarity computing layer; the network BLA for extracting domain name features, obtained by splitting the structure of Siam-BLA; the module Weighted-v&d for measuring the exclusive similarity of two domain names; a calculation method for the reference vector that represents the characteristics of each category; and an efficient twin-architecture multi-classification and unknown class recognition algorithm.

[0059] As shown in Figure 1, the DGA domain name detection method provided by the embodiment of the present invention includes the following steps:

[0060] S101, pairing the collected samples including normal domain name...

Embodiment 2

[0079] As shown in Figure 2, the method for detecting a DGA domain name based on the twin architecture provided by the embodiment of the present invention includes: using the twin-architecture sample pairing rule to pair the collected samples, which include normal domain names and DGA domain names of various categories, so as to balance the training on same-class and different-class samples required by the twin architecture's dual-input training mechanism and to overcome the extreme class imbalance in the complex environment of the live network; establishing a learning model Siam-BLA based on the Siamese architecture for training and fitting the complex feature space of domain names, including the preprocessing layer, the embedding layer, the feature extraction layer and the similarity calculation layer; the feature extraction network BLA for extracting domain name features obtained from the Siam-BLA split structure of the train...


Abstract

The invention belongs to the technical field of computer networks, and discloses a DGA domain name detection method and system, a medium, equipment and a terminal. The twin architecture model Siam-BLA is used for fitting the domain name feature space and comprises a preprocessing layer, an embedding layer, a feature extraction layer and a similarity calculation layer; the network BLA is obtained by splitting the structure of Siam-BLA and is used for extracting domain name features; the module Weighted-v&d is used for carrying out exclusive similarity measurement on two domain names; a reference vector representing the feature characteristics of each category is calculated; and an efficient twin-architecture multi-classification and unknown class identification algorithm is provided. According to the technical scheme, feature engineering and large-scale data labeling are not needed, the recognition accuracy rate reaches 98% or above, the accuracy rate of some categories is even 100%, the classification accuracy rate in a small-sample environment is improved, and the time a twin architecture needs for multi-classification prediction is shortened.
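The pairing, reference-vector and unknown-class steps named in the abstract, as an added Python example that is not the patent's own code. Assumptions: character-bigram counts and cosine similarity stand in for the BLA network and the Weighted-v&d module, the reference vector is taken to be the normalised mean of a class's embeddings, and the domains, family names and the 0.3 threshold are constructed.

```python
import math
import random
from collections import Counter

# Constructed data: a wide benign class and two tiny, made-up DGA families.
SAMPLES = {
    "benign": ["google.com", "wikipedia.org", "github.com",
               "mozilla.org", "python.org", "debian.org"],
    "family_a": ["qxqzqxqz.net", "zqxqzqxq.net"],
    "family_b": ["kvkvjvkv.biz", "vkvjvkvk.biz"],
}

def unit(vec):
    norm = math.sqrt(sum(v * v for v in vec.values())) or 1.0
    return {k: v / norm for k, v in vec.items()}

def embed(domain):  # stand-in for the BLA feature network (assumption)
    label = domain.lower().split(".")[0]  # leftmost label only
    return unit(Counter(a + b for a, b in zip(label, label[1:])))

def similarity(u, v):  # cosine of unit vectors; stand-in for Weighted-v&d
    return sum(x * v.get(k, 0.0) for k, x in u.items())

def balanced_pairs(samples, n, seed=0):
    """n same-class (label 1) and n cross-class (label 0) pairs.
    Classes are drawn uniformly, so rare families are not drowned out."""
    rng = random.Random(seed)
    names, pairs = sorted(samples), []
    for _ in range(n):
        c = rng.choice(names)
        pairs.append((*rng.sample(samples[c], 2), 1))
        c1, c2 = rng.sample(names, 2)
        pairs.append((rng.choice(samples[c1]), rng.choice(samples[c2]), 0))
    return pairs

def reference_vectors(samples):
    """One reference vector per class: normalised mean of member embeddings."""
    refs = {}
    for name, domains in samples.items():
        total = Counter()
        for d in domains:
            total.update(embed(d))
        refs[name] = unit(total)
    return refs

def classify(domain, refs, threshold=0.3):
    """One comparison per class; 'unknown' when no reference is close enough."""
    score, best = max((similarity(embed(domain), r), n) for n, r in refs.items())
    return (best if score >= threshold else "unknown"), score
```

With these constructed samples the wide benign class scores well below the tight families even for a domain it was built from, which is the class-distribution gap paragraph [0006] describes.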

Description

Technical field

[0001] The invention belongs to the technical field of computer networks, and in particular relates to a DGA domain name detection method, system, medium, device and terminal.

Background technique

[0002] At present, in cyberspace, attackers often use Trojan horse programs, worms and other malicious programs to attack or control devices such as computers and smart phones used by users. Once a user's device is under control, it becomes part of a "botnet" controlled by an attacker. The attacker then sends instructions through the Internet to steal private data from the user's device, or remotely controls the device so that it takes part in a denial-of-service attack on a specific target server. Attackers use a Domain Generation Algorithm (DGA) in order to avoid detection and attack, and also to keep the communication of the "botnet" smooth. With this method the attacker does not need to write fixed domain name information or an IP address into the malicious program, but...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, H04L61/4511
CPC: H04L63/1416, H04L63/1425
Inventor: 付玉龙, 弓弛, 李智华
Owner XIDIAN UNIV