基于生成对抗网络的恶意域名训练数据生成方法

兰州理工大学学报 ›› 2023, Vol. 49 ›› Issue (6): 100-106.

• 自动化技术与计算机技术 • 上一篇下一篇

基于生成对抗网络的恶意域名训练数据生成方法

刘伟山^*1,2, 马旭琦^1,3, 汪航¹, 吴子琰¹

1.国家计算机网络应急技术处理协调中心甘肃分中心, 甘肃兰州 730000;
2.兰州理工大学机电工程学院, 甘肃兰州 730050;
3.兰州大学信息科学与工程学院, 甘肃兰州 730000

收稿日期:2022-01-14 出版日期:2023-12-28 发布日期:2024-01-05
通讯作者: 刘伟山(1989-),男,甘肃武威人,工程师.Email:wsliu1503@163.com

A generation method of malicious domain name training data based on generating adversarial network

LIU Wei-shan^1,2, MA Xu-qi^1,3, WANG Hang¹, WU Zi-yan¹

1. GSCERT, Lanzhou 730000, China;
2. School of Mechanical and Electrical Engineering, Lanzhou Univ. of Tech., Lanzhou 730050, China;
3. School of Information Science & Engineering, Lanzhou University, Lanzhou 730000, China

Received:2022-01-14 Online:2023-12-28 Published:2024-01-05

摘要/Abstract

摘要： 当前攻击者广泛采用域名生成算法(DGA)生成大量的随机域名来躲避检测.针对现有的DGA域名检测模型均是在已经公开的数据集上进行训练构建,无法对未知恶意域名进行有效检测的情况,利用真实域名数据训练自编码器,并将自编码器和生成对抗网络相结合,构造了一种新的DGA域名生成模型.实验表明,该模型产生的序列与Alexa域名在长度和字符分布等特征都很接近,而且能够有效降低基于长短期记忆网络的DGA域名分类器的性能.这些生成序列很好地丰富了恶意域名数据集,对其进一步利用,显著提升了现有DGA域名检测器的性能.

关键词: 恶意域名, DGA, 自编码器, 生成对抗网络

Abstract: Domain generation algorithm(DGA) is widely used by cyber attackers to generate a large number of random domain names to evade detection at present. While the existing DGA domain name detection can not effectively detect unknown malicious domains, because these models are all trained and constructed on publicly available datasets. In this paper, an autoencoder(AE) is first trained using real domain names, and then it is combined with the generative adversarial network(GAN) to construct a new DGA domain name generating model. Experiment results show that the sequences generated by this model are similar to the Alexa domain names in terms of length and character distribution, and it also can effectively reduce the performance of the DGA domain name classifier based on a long short-term memory (LSTM) network. These generated sequences enrich the malicious domain name dataset, which can significantly improve the performance of existing DGA domain name detectors with further utilization.

Key words: malicious domains, DGA, AE, GAN

中图分类号:

TP273

刘伟山, 马旭琦, 汪航, 吴子琰. 基于生成对抗网络的恶意域名训练数据生成方法[J]. 兰州理工大学学报, 2023, 49(6): 100-106.

LIU Wei-shan, MA Xu-qi, WANG Hang, WU Zi-yan. A generation method of malicious domain name training data based on generating adversarial network[J]. Journal of Lanzhou University of Technology, 2023, 49(6): 100-106.

参考文献

[1] 国家互联网应急处理协调中心.2020年中国互联网网络安全报告[EB/OL].(2021-07-21)[2021-10-30].https://www.cert.org.cn/publish/main/upload/File/2020%20Annual%20Report.pdf.
[2] 方滨兴,崔翔,王威.僵尸网络综述[J].计算机研究与发展,2011,48(8):1315-1331.
[3] 李可,方滨兴,崔翔,等.僵尸网络发展研究[J].计算机研究与发展,2016,53(10):2189-2206.
[4] WOODBRIDGE J,ANDERSON H S,AHUJA A,et al.Predicting domain generation algorithms with long short-term memory networks[J/OL].[2021-10-12].http://arxiv.org/1611.00791.pdf.
[5] HOCHREITER S,SCHMIDHUBER J.Long short-term mem-ory[J].Neural Computation,1997,9(8):1735-1780.
[6] YU B,PAN J,HU J M,et al.Character level based detection of DGA domain names[C]//2018 International Joint Conference on Neural Networks (IJCNN).Rio de Janeiro:IEEE,2018:1-8.
[7] 袁辰,钱丽萍,张慧,等.基于生成对抗网络的恶意域名训练数据生成[J].计算机应用研究,2019,36(5):1540-1543.
[8] ANDERSON H S,WOODBRIDGE J,FILAR B.DeepDGA:adversarially-tuned domain generation and detection[C]//Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security.Vienna:ACM,2016:13-21.
[9] 张澍寰.基于深度学习的恶意域名检测方法研究[D].兰州:兰州理工大学,2021.
[10] AN J,CHO S.Variational autoencoder based anomaly detection using reconstruction probability[J].Special Lecture on IE,2015,2(1):1-18.
[11] GOODFELLOW I J,POUGET-ABADIE J,MIRZA M,et al.Generative adversarial nets[C/OL].[2021-10-12].https://proceedings.neurips.cc/papaer_files/paper/2014/file/sca3e9b122f61f8f06494c97b1afccf3-Paper.pdf.
[12] GOODFELLOW I J,BENGIO Y,COURVILLE A.Deep learning[M].Cambridge:MIT Press,2016.
[13] CRESWELL A,WHITE T,DUMOULIN V,et al.Generative adversarial networks:an overview[J].IEEE Signal Processing Magazine,2018,35(1):53-65.
[14] 王媛媛,吴春江,刘启和,等.恶意域名检测研究与应用综述[J].计算机应用与软件,2019,36(9):311-314.
[15] GRETTON A,BORGWARDT K M,RASCH M J,et al.A kernel two-sample test[J].The Journal of Machine Learning Research,2012,13(1):723-773.
[16] GOVINDAN R,REDDY A.An analysis of internet inter-domain routing and route stability[C]//IEEE INFOCOM’97.Kobe:IEEE,1997:850-857.

基于生成对抗网络的恶意域名训练数据生成方法

A generation method of malicious domain name training data based on generating adversarial network

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 2

编辑推荐

Metrics

本文评价

[1]	陈勇群, 陈玉成, 胡华淼, 戴佳浩, 康潆允, 王巍. 基于生成对抗网络的IPv6地址存活性预测[J]. 兰州理工大学学报, 2023, 49(4): 102-107.
[2]	王志文, 曹旭, 黄涛. 基于SAE-SVM的CPS攻击检测[J]. 兰州理工大学学报, 2021, 47(2): 72-79.