Application Research of Computers (计算机应用研究)

Generation of malicious domain training data based on generative adversarial network

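Authors Yuan Chen (袁辰), Qian Liping (钱丽萍), Zhang Hui (张慧), Zhang Ting (张婷)
Affiliation College of Electrical & Information Engineering, Beijing University of Civil Engineering & Architecture, Beijing 100044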
Article ID 1001-3695(2019)05-054-1540-04
DOI 10.19734/j.issn.1001-3695.2017.12.0762
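Abstract Botnets currently make heavy use of DGA algorithms to evade detection. Mainstream detection algorithms based on manual rules cannot identify and detect newly generated DGA domains, and detection algorithms based on machine learning lack evolving training data. To address these problems, this paper proposes a method that defines a domain name encoder/decoder based on ASCII encoding and combines it with a generative adversarial network to construct a domain character generator that predicts and generates DGA variant samples. Experimental results show that, when the generated data are used for classifier training and performance evaluation, the DGA domain variant samples generated by this method can serve as real DGA samples, which verifies the validity of the generated data and shows that they can be used for training and evaluating DGA domain detectors.
Keywords malicious domains; DGA; generative adversarial network; detection; classification
Funding National Natural Science Foundation of China (61571144)
Doctoral Fund of Beijing University of Civil Engineering and Architecture (00331616014)
Article URL http://www.arocmag.com/article/01-2019-05-054.html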
English title Generation of malicious domain training data based on generative adversarial network
Author names in English Yuan Chen, Qian Liping, Zhang Hui, Zhang Ting
Affiliation in English College of Electrical & Information Engineering, Beijing University of Civil Engineering & Architecture, Beijing 100044, China
English abstract Many malware families such as botnets currently utilize domain generation algorithms (DGAs) to evade detection. The mainstream detection algorithms based on artificial rules and machine learning have some limitations due to the fact that DGAs generate domain characters timely and rapidly. The former is somewhat blind to new DGA variants. The latter suffers from the lack of evolving training data. In order to solve these problems, this paper defines a domain encoder and decoder based on ASCII encoding and combines them with the concept of a generative adversarial network (GAN) to construct a domain character generator. It then uses the generator to predict and generate DGA variants. Experimental results show that the DGA variants generated by this method can act as real DGA samples when these variants are utilized to train and evaluate classifiers. This verifies the validity of the generated data, which can be effectively utilized to train and evaluate DGA domain detectors.
English keywords malicious domains; DGA; GAN; detection; classification
Received 2017/12/18
Revised 2018/1/30
Pages 1540-1543,1568
CLC number TP391.4
Document code A