Research on DGA Family Classification Method Based on SVM
First published: 2020-03-04
Abstract: To detect and trace botnets, many researchers have studied how to detect and distinguish malicious DGA domains generated by domain generation algorithms, but most rule-matching approaches rely on reverse analysis, which places high technical demands on the user and consumes a great deal of time and human resources. Building on DGA malicious domain detection, this paper analyzes malicious domains, identifies clearly distinguishing features and combines them, extracting the features of each malicious domain family from three aspects: domain structure, domain character features, and domain information entropy, and selects the SVM algorithm for model training. In the family classification of DGA malicious domains, a Gaussian kernel function is used for the transformation, which simplifies the computation of the SVM classifier and improves efficiency while maintaining classification accuracy. Finally, experiments verify the effectiveness of the method.
Keywords: network security; DGA classification; machine learning; feature engineering; detection technology
Research on DGA Family Classification Method Based on SVM
Abstract: In order to detect botnets, a large number of scholars have studied how to detect and distinguish malicious domain names, but most of them adopt the method of reverse analysis in rule matching, which places high technical requirements on users and consumes a lot of time and human resources. Based on the detection of DGA malicious domain names, this paper analyzes the malicious domain names, finds the distinguishing features and combines them, analyzes and extracts the features of each malicious domain name family from the three aspects of domain name structure, domain name character characteristics and domain name information entropy, and selects the SVM algorithm for model training. In the process of family classification of DGA malicious domain names, the Gaussian kernel function is used for the transformation, which simplifies the computation of the SVM classifier and improves efficiency while ensuring classification accuracy. Finally, the experiment proves the effectiveness of this method.
Keywords: network security; DGA classification; machine learning; feature engineering; detection technology
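The abstract names three feature groups (domain structure, character statistics, information entropy) and a Gaussian kernel for the SVM. The following added example, which is not code from the paper, shows one concrete way to extract such features from a domain name and to compute the Gaussian (RBF) kernel between two feature vectors; the exact feature set, the gamma value and the sample domain names are assumptions, and the SVM training itself is not shown.

```python
import math
from collections import Counter

VOWELS = set("aeiou")

def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def longest_consonant_run(s: str) -> int:
    """Longest run of consonant letters; vowels and digits break the run."""
    run = best = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def domain_features(domain: str) -> dict:
    """Features of one domain in the three groups the abstract names: structure,
    character statistics and entropy. Only the second-level label is scored."""
    labels = domain.lower().strip(".").split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    n = len(sld) or 1  # avoid division by zero on a malformed name
    return {
        # domain structure
        "label_count": len(labels),
        "sld_length": len(sld),
        "tld_length": len(labels[-1]),
        # character features of the second-level label
        "digit_ratio": sum(ch.isdigit() for ch in sld) / n,
        "vowel_ratio": sum(ch in VOWELS for ch in sld) / n,
        "unique_ratio": len(set(sld)) / n,
        "max_consonant_run": longest_consonant_run(sld),
        # information entropy
        "entropy": shannon_entropy(sld),
    }

def rbf_kernel(x, y, gamma: float = 0.1) -> float:
    """Gaussian (RBF) kernel exp(-gamma * ||x - y||^2), the kernel type the paper's SVM uses."""
    return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(x, y)))

def kernel_similarity(d1: str, d2: str, gamma: float = 0.1) -> float:
    """Kernel value between two domains' feature vectors (1.0 = identical)."""
    return rbf_kernel(list(domain_features(d1).values()),
                      list(domain_features(d2).values()), gamma)
```

With the constructed names example.com, examples.com and x7q9zk2pbv.net, kernel_similarity("example.com", "examples.com") is larger than kernel_similarity("example.com", "x7q9zk2pbv.net"): the two dictionary-like names sit closer in feature space, which is what lets the classifier separate families by feature profile rather than by reversing each generator.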