恶意域名检测研究与应用综述

目前,网络安全问题层出不穷,特别是近年来以域名为依托的攻击,如勒索软件、垃圾邮件、DDos攻击等,成为网络安全威胁的重要表现形式。以域名攻击技术为主要攻击方式的网络威胁,经历了从传统的机器学习的检测方法到主流的深度学习检测方法的转变。发现神经网络能够很好地自学习恶意域名特征,并能提供更高的检测率。但随着检测技术的不断提高,攻击者提出了更智能的DGA域名来规避神经网络的检测,在后续的基于这些DGA变体的检测成为目前域名检测技术的主要研究方向。随着生成对抗网络在域名检测方面的应用,Anderson等提出利用GAN来生成对抗样本提高检测,为域名的检测发展提出新的发展方向。最后,总结域名检测的发展概况及其存在的问题,并对域名检测的可发展点做出展望。

OVERVIEW OF MALICIOUS DOMAIN NAME DETECTION AND APPLICATION

At present, network security issues are emerging, especially in recent years, domain-based attacks, such as ransomware, spam, DDos attacks, etc., have become an important manifestation of cyber security threats. The network threat with domain name attack technology as the main attack mode has experienced a transition from the traditional machine learning detection method to the mainstream deep learning detection method. It is found that the neural network can self-learn the malicious domain name feature and provide a higher detection rate. However, with the continuous improvement of detection technology, attackers have proposed smarter DGA domain names to avoid the detection of neural networks. The subsequent detection based on these DGA variants has become the main research direction of domain name detection technology. With the application of the anti-network in domain name detection, Anderson et al. proposed to use GAN to generate anti-sample detection, which proposed a new development direction for the development of domain name detection. Finally, we summarized the development of domain name detection and its existing problems, and prospected the development of domain name detection.