Abstract

As detection algorithms for malicious dynamic domain names have improved, domain generation algorithms have become stealthier. Generating domains from multiple elements makes detection more difficult. To effectively improve the detection accuracy of algorithmically generated domain names based on multiple elements, a domain name syntax model is proposed, which analyzes the multiple elements in domain names and their syntactic relationship, and an adaptive embedding method is proposed to achieve effective element parsing of domain names. A parallel convolutional model based on the feature selection module, combined with an improved dynamic loss function based on curriculum learning, is proposed, which can achieve effective detection of multielement malicious domain names. A series of experiments is designed and the proposed model is compared with five previous algorithms. The experimental results show that the detection accuracy of the proposed model for multiple-element malicious domain names is significantly higher than that of the comparison algorithms and that the model also has good adaptability to other types of malicious domain names.

Highlights

  • Advanced Persistent Threat (APT) attacks and botnets have become important threats to network security [1, 2]

  • Based on the domain name syntax tree model, this section first proposes an adaptive domain name element embedding method to map different elements to vectors. A parallel convolutional model based on a feature selection module is then proposed to select features from different convolutional kernel branches and improve the accuracy of feature extraction, and a dynamic loss function based on curriculum learning is proposed to improve the training effect of the model

  • The proposed algorithm is compared with five algorithms on the ME-Domain Generation Algorithm (DGA) and ME-Stealthy Domain Generation Algorithm (SDGA) datasets, and the experimental results show that the detection accuracy of the proposed algorithm for multielement dynamic domain names is higher than that of the comparison algorithms, and the detection accuracy of each domain type is significantly improved


Summary

Introduction

Advanced Persistent Threat (APT) attacks and botnets have become important threats to network security [1, 2]. With the development of detection techniques for malicious domain names, some researchers have designed DGAs that are more resistant to detection, such as a Stealthy Domain Generation Algorithm (SDGA) based on the Hidden Markov Model (HMM) [7] and the use of Generative Adversarial Networks (GAN) to generate dynamic domain names [8]. To effectively improve the detection accuracy of multielement hybrid malicious domain names, a domain name multielement adaptive embedding method based on a domain name syntax model is proposed, which can realize the effective segmentation of various elements in domain names. Based on the adaptive embedding module, a parallel convolutional model based on the feature selection module is proposed, which, combined with a dynamic focal loss function, can achieve effective feature extraction and classification of multielement hybrid malicious domain names.
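The following is an added illustration, not the paper's code, of what segmenting a domain label into elements can look like as a preprocessing step for a detector. The word list, the four element types, the function names and the sample domains are all assumptions constructed here, since the page does not specify the syntax model.

```python
import re

# Constructed mini-vocabulary (assumption); a real pipeline would load a large word list.
WORDS = {"secure", "login", "bank", "pay", "mail", "cloud", "update", "shop", "net", "online"}
MAX_WORD = max(map(len, WORDS))

def segment_label(label):
    """Split one DNS label into (type, text) elements: word, digit, sep, chars."""
    elements = []
    # Characters outside a-z, 0-9 and '-' are skipped by this pattern.
    for run in re.findall(r"[a-z]+|[0-9]+|-+", label.lower()):
        if run[0].isdigit():
            elements.append(("digit", run))
        elif run[0] == "-":
            elements.append(("sep", run))
        else:
            elements.extend(_segment_letters(run))
    return elements

def _segment_letters(run):
    """Dynamic programming: minimise residual letters, then the number of pieces."""
    n = len(run)
    best = [((0, 0), [])] + [None] * n   # best[i] = ((residual, pieces), elements) for run[:i]
    for i in range(1, n + 1):
        (res, cnt), pieces = best[i - 1]
        cand = ((res + 1, cnt + 1), pieces + [("chars", run[i - 1])])  # letter left unexplained
        for j in range(max(0, i - MAX_WORD), i):
            if run[j:i] in WORDS:                                      # dictionary word ends at i
                (r, c), p = best[j]
                alt = ((r, c + 1), p + [("word", run[j:i])])
                if alt[0] < cand[0]:
                    cand = alt
        best[i] = cand
    merged = []                          # join adjacent residual letters into one element
    for kind, text in best[n][1]:
        if kind == "chars" and merged and merged[-1][0] == "chars":
            merged[-1] = ("chars", merged[-1][1] + text)
        else:
            merged.append((kind, text))
    return merged

def element_profile(domain):
    """Element-type sequence of the leftmost label, usable as a triage feature."""
    return [kind for kind, _ in segment_label(domain.split(".")[0])]
```

On the constructed input `pay-xkqzv7.example` the profile mixes a dictionary word, a separator, a residual character run and a digit run, which is the kind of hybrid composition that a single character-level view of the name does not expose.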

Related Work
Detection Model Based on Adaptive Embedding
Parallel Convolutional Model Based on a Feature Selection
D Adaptive Kernel 3 embedding
Experiments and Analysis
Findings
Conclusion