
    Malicious Domain Name Detection Method Based on Enhanced Embedded Feature Hypergraph Learning

    • Abstract: Attackers use domain names flexibly to carry out many kinds of network attacks. Researchers have proposed malicious domain name detection methods based on statistical features and on association relationships, but both kinds of method fall short in representing higher-order relationships among domain name attributes and cannot accurately capture the global higher-order relationships between domains. To address this, a malicious domain name detection method based on embedded feature hypergraph learning is proposed. First, a domain name hypergraph structure is built with a decision tree over the statistical features of the domain name space: the outputs of the nodes in the decision tree's penultimate layer serve as prior conditions for forming hyperedges, so that the multi-order associations among domain name traffic are represented quickly and clearly. Second, the character embedding features are enhanced and encoded using the hypergraph structure features, and hidden higher-order relationships between characters are mined from the domain name data using both the statistical features of the domain name space and the domain name character embedding features. Finally, the effectiveness and feasibility of the method are analyzed and evaluated on real domain name system (DNS) traffic from the China Science and Technology Network, showing that it can detect hidden malicious domain names quickly and efficiently.

       
