Wei Jinxia, Long Chun, Fu Hao, Gong Liangyi, Zhao Jing, Wan Wei, Huang Pan. Malicious Domain Name Detection Method Based on Enhanced Embedded Feature Hypergraph Learning[J]. Journal of Computer Research and Development, 2024, 61(9): 2334-2346. DOI: 10.7544/issn1000-1239.202330117

Malicious Domain Name Detection Method Based on Enhanced Embedded Feature Hypergraph Learning

Funds: This work was supported by the Cyber Security and Informatization Project of Chinese Academy of Sciences (CAS-WX2022GC-04), the Youth Innovation Promotion Association, Chinese Academy of Sciences (2022170, 2023181), and the Strategic Priority Research Program of Chinese Academy of Sciences (XDC02030600).
  • Author Bio:

    Wei Jinxia: born in 1987. PhD, senior engineer, master supervisor. Her main research interests include artificial intelligence-based network unknown attack detection, malicious domain name detection, and network traffic analysis

    Long Chun: born in 1979. PhD, senior engineer, PhD supervisor. Member of CCF. His main research interests include artificial intelligence-based network unknown attack detection, malicious domain name detection, and network traffic analysis

    Fu Hao: born in 1999. Master candidate. His main research interests include malicious domain name detection, network traffic analysis, and machine learning

    Gong Liangyi: born in 1987. PhD, senior engineer, master supervisor. Member of CCF. His main research interests include network attack detection, malicious domain name detection, Web attack analysis, and machine learning

    Zhao Jing: born in 1987. PhD, senior engineer, master supervisor. Her main research interests include artificial intelligence-based network attack detection and security log analysis

    Wan Wei: born in 1982. PhD, senior engineer, master supervisor. Member of CCF. His main research interests include network unknown attack detection, malicious domain name detection, network traffic analysis, and machine learning

    Huang Pan: born in 2000. Bachelor, engineer. His main research interests include Web attack detection, penetration testing, and malicious domain name analysis

  • Received Date: April 06, 2023
  • Revised Date: November 21, 2023
  • Available Online: April 27, 2024
  • Attackers flexibly use domain names to carry out various kinds of network attacks. Many scholars have proposed malicious domain name detection methods based on statistical characteristics and on association relationships. However, both kinds of methods fall short in representing the higher-order relationships of domain name attributes, and cannot accurately present the global higher-order relationships between domains. To solve these problems, a malicious domain name detection method based on embedded feature hypergraph learning is proposed. First, the domain name hypergraph structure is constructed by a decision tree based on domain name spatial statistical characteristics. The output of the penultimate node of the decision tree is used as a prior condition to form a hyperedge, so that the multi-order correlation between domain name traffic is represented quickly and clearly. Second, the character embedding features are enhanced based on the hypergraph structure features, and the hidden higher-order relationships between characters are mined from the domain name data based on the statistical characteristics of the domain name space and the encoding characteristics of domain name character embedding. Finally, the validity and feasibility of the method are analyzed and evaluated on real domain name system traffic from the China Science and Technology Network; the method can quickly and efficiently detect hidden malicious domain names.
