Malicious Domain Name Detection Based on Doc2vec and Hybrid Network

Abstract

In traditional malicious domain name detection algorithms, machine learning detection methods take a long time to extract features and the extraction methods are more complex; deep learning detection methods are easy to lose the semantic features of the entire domain name, and the detection results of a single neural network for different sample data sets are unstable . In response to the above problems, a malicious domain name detection method based on Doc2vec and hybrid network was proposed, and a new DLR (Doc2vec-LSTM-RNN) detection model was constructed. The word vector is constructed using the Doc2vec algorithm optimized on the basis of the Word2vec algorithm, which retains the semantic information of the domain name as a whole; and mixes the bidirectional LSTM network and the bidirectional RNN network in series to carry out deep-level feature extraction and enhance the robustness of the detection model; finally the Softmax function is used to output the classification result. Experimental data shows that this method has excellent performance in malicious domain name detection. Compared with traditional machine learning and deep learning detection methods, it has higher detection accuracy.