检索结果-内蒙古大学图书馆

2023 International Conference on Sustainable Communication Networks and Application, ICSCNA 2023

作者： Gomathi, S. Samundeeswari, S. Ponmanirai, S. Nanthini, S. Vandayar Engineering College Department of Computer Science and Engineering Thanjavur India Saveetha School of Engineering Simats University Department of Computational Intelligence Thandalam India Saveetha School of Engineering Simats University Department of Department of Data Science Thandalam India

ISBN: (纸本)9798350313987

In the realm of cybersecurity, the evolution of network attacks necessitates innovative approaches for threat prediction and mitigation. Traditional methods often fall short in identifying novel attack patterns or adapting swiftly to emerging threats. This study explores the application of domain Generative algorithms (DGAs) in the context of network attack prediction. DGAs leverage advanced machine learning techniques to generate synthetic data samples representing various network attack scenarios. By training generative models on diverse and large-scale datasets comprising both historical attack data and benign network traffic, the algorithms learn intricate patterns intrinsic to different types of attacks. Through, systematic analysis of these synthetic attack instances, IDS and IPS algorithms can be fine-tuned to recognize subtle attack patterns that might elude conventional signature-based detection methods. This research underscores the pivotal role of DGAs in revolutionizing the landscape of network attack prediction. By harnessing the power of generative algorithms, organizations can proactively strengthen their cybersecurity posture, effectively mitigating the risks posed by an ever-evolving spectrum of network attacks. © 2023 IEEE.

关键词： Data Traffic Denial of Services domain generation algorithm Malware Network security Pattern Analysis

来源：评论

学校读者我要写书评

暂无评论

Campus Network Intrusion Detection Based on Gated Recurrent Neural Network and domain generation algorithm

引用

INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS 2023年第8期14卷 484-492页

作者： Rong, Qi Zhao, Guang Jilin Inst Architecture & Technol Party Comm Org Dept Changchun Peoples R China Shandong Univ Finance & Econ Sch Stat Jinan Peoples R China

Network attacks are diversified, rare and Universal generalization. This has made the exploration and construction of network information flow packet threat detection systems, which becomes a hot research topic in preventing network attacks. So this study establishes a network data threat detection model based on traditional network threat detection systems and deep learning neural networks. And convolutional neural network and data enhancement technology are used to optimize the model and improve rare data recognizing accuracy. The experiment confirms that this detection model has a recognition probability of approximately 11% and 42% for two rare attacks when N=1, respectively. When N=2, their probabilities are 52% and 78%, respectively. When N=3, their recognition probabilities are approximately 85% and 92%, respectively. When N=4, their recognition probabilities are about 58% and 68%, respectively, with N=3 having the best recognition effect. In addition, the recognition efficiency of this model for malicious domain name attacks and normal data remains around 90%, which has significant advantages compared to traditional detection systems. The proposed network data flow threat detection model that integrates Gated Recurrent Neural Network and domain generation algorithm has certain practicality and feasibility.

关键词： Gated recurrent domain generation algorithm campus network threat detection neural network

来源：评论

学校读者我要写书评

暂无评论

A Machine Learning Framework for domain generation algorithm-Based Malware Detection

引用

IEEE ACCESS 2019年 7卷 32765-32782页

作者： Li, Yi Xiong, Kaiqi Chin, Tommy Hu, Chengbin Univ S Florida Florida Ctr Cybersecur Intelligent Comp Networking & Secur Lab Tampa FL 33620 USA Rochester Inst Technol Dept Comp Secur Rochester NY 14623 USA

Attackers usually use a command and control (C2) server to manipulate the communication. In order to perform an attack, threat actors often employ a domain generation algorithm (DGA), which can allow malware to communicate with C2 by generating a variety of network locations. Traditional malware control methods, such as blacklisting, are insufficient to handle DGA threats. In this paper, we propose a machine learning framework for identifying and detecting DGA domains to alleviate the threat. We collect real-time threat data from the real-life traffic over a one-year period. We also propose a deep learning model to classify a large number of DGA domains. The proposed machine learning framework consists of a two-level model and a prediction model. In the two-level model, we first classify the DGA domains apart from normal domains and then use the clustering method to identify the algorithms that generate those DGA domains. In the prediction model, a time-series model is constructed to predict incoming domain features based on the hidden Markov model (HMM). Furthermore, we build a deep neural network (DNN) model to enhance the proposed machine learning framework by handling the huge dataset we gradually collected. Our extensive experimental results demonstrate the accuracy of the proposed framework and the DNN model. To be precise, we achieve an accuracy of 95.89% for the classification in the framework and 97.79% in the DNN model, 92.45% for the second-level clustering, and 95.21% for the HMM prediction in the framework.

关键词： Malware domain generation algorithm machine learning security networking

来源：评论

学校读者我要写书评

暂无评论

RL-Gen: A Character-Level Text generation Framework with Reinforcement Learning in domain generation algorithm Case 1

引用

26th International Conference on Neural Information Processing (ICONIP) of the Asia-Pacific-Neural-Network-Society (APNNS)

作者： Cheng, Hua Cai, Jing Fang, Yiquan East China Univ Sci & Technol Shanghai Peoples R China

ISBN: (数字)9783030368029

ISBN: (纸本)9783030368029;9783030368012

Malware families often use the domain generation algorithm (DGA) to communicate with the Command and Control (C&C) servers. Although machine learning and deep learning based methods have achieved good accuracy in DGA detection task, it has problems on the new DGA families with limited datasets. In this paper, RL-Gen, a Reinforcement Learning (RL) framework, is proposed to improve the performance of character-level text generation with few input samples. RL-Gen has two modules, W-Generator and Evaluator. W-Generator is an improved generation model based on WGAN-GP, which is regarded as an agent, and Evaluator acts as an environment to evaluate the generated text. Especially in DGA case, Evaluator is an effective DGA detection model (ATT-GRU). The parameters' updating of W-Generator is optimized by the reward from Evaluator, which promotes the generating abilities on speed and quality. Experiments show that the generated DGAs are sufficiently close to real DGAs, and can play an alternative role of real DGAs in detection model training. And RL-Gen gets better quality of text generation more quickly and smoothly than WGAN-GP.

关键词： domain generation algorithm DGA detection WGAN-GP Reinforcement Learning Character-level text generation

来源：评论

学校读者我要写书评

暂无评论

A Machine Learning Framework for Studying domain generation algorithm (DGA)-Based Malware 14th

A Machine Learning Framework for Studying Domain Generation ...

引用

14th European-Alliance-for-Innovation (EAI) International Conference on Security and Privacy in Communication Networks (SecureComm)

作者： Chin, Tommy Xiong, Kaiqi Hu, Chengbin Li, Yi Rochester Inst Technol Dept Comp Secur Rochester NY 14623 USA Univ S Florida Florida Ctr Cybersecur Tampa FL 33620 USA

ISBN: (纸本)9783030017019;9783030017002

Malware or threat actors use a Command and Control (C2) environment to proliferate and manage an attack. In a sophisticated attack, a threat actor often employs a domain generation algorithm (DGA) to cycle the network location in which malware communicates with C2. Network security controls such as blacklisting, implementing a DNS sinkhole, or inserting a firewall rule is a vital asset to an organization's security posture. However, all of them are typically ineffective against a DGA. In this paper, we propose a machine learning framework for identifying and clustering domain names to circumvent threats from a DGA. We collect a real-time threat intelligent feed over a six month period where all domains have threats on the public Internet at the time of collection. We then apply the proposed machine learning framework to study DGA-based malware. The proposed framework contains a two-level model, which consists of classification and clustering is used to first detect DGA domains and then identify the DGA of those domains. Our extensive experimental results demonstrate the accuracy of the proposed framework. To be precise, we achieve accuracies of 95.14% for the first-level classification and 92.45% for the second-level clustering, respectively.

关键词： Malware domain generation algorithm Machine learning Security Networking

来源：评论

学校读者我要写书评

暂无评论

Predicting domain generation algorithms with N-Gram Models

Predicting Domain Generation Algorithms with N-Gram Models

引用

International Conference on Big Data, Information and Computer Network (BDICN)

作者： Mu, ZiCheng Monash Univ Melbourne Vic Australia

ISBN: (纸本)9781665484763

The botnet is a severe threat to computer networks, and the detection of botnet behaviors is an important research area of cyber security. Malware authors leverage the domain generation algorithm (DGA) to generate bulks of pseudo-random domain names to connect to the Command and Control (C&C) server, which makes the detections and preventions extremely difficult. Previous work mostly defended against the DGA domains through pre-registering, sink-holeing or publishing blacklists after reverse engineering the malware. However, these approaches can be easily bypassed by malware authors. For most of the communications between the botnet and the C&C server, the first step is generally sending domain Name System (DNS) request packets. Thus, an alternative approach was based on capturing and analyzing the DNS traffic and classifying the domains. Most of the previous work tried to cluster the domains, and these techniques involved the usage of contextual information. Thus, it takes a long time period to run the algorithms, which means these techniques can not be used in real-time detection. Compared with the traditional methods, recent methods attempt to predict whether the domain is DGA generated based solely on the domain name string. Nevertheless, these methods involved human engineered features that can be readily circumvented by the attackers. In this paper, we proposed a method that extracts the linguistic features as well as applies machine learning algorithms to classify the domain name. To verify the performance of the proposed method, we designed and implemented a botnet detection system, and trained and tested the model with real data. The results demonstrate that the proposed method is able to capture the suspicious packets and accurately classify the domains. We evaluated our system with real traffic, it can correctly classify the DGA domains in 95% of the cases. Furthermore, when detecting unknown DGA domains, our system achieved a 88.5% accuracy.

关键词： Botnet domain generation algorithm Machine Learning

来源：评论

学校读者我要写书评

暂无评论

Detecting Stealthy domain generation algorithms Using Heterogeneous Deep Neural Network Framework

引用

IEEE ACCESS 2020年 8卷 82876-82889页

作者： Yang, Luhui Liu, Guangjie Dai, Yuewei Wang, Jinwei Zhai, Jiangtao Nanjing Univ Sci & Technol Sch Automat Nanjing 210094 Peoples R China Nanjing Univ Informat Sci & Technol Sch Elect & Informat Engn Nanjing 210044 Peoples R China Nanjing Univ Informat Sci & Technol Dept Comp & Software Nanjing 210044 Peoples R China

Distinguishing malicious domain names generated by various domain generation algorithms (DGA) is critical for defending a network against sophisticated network attacks. In recent years, stealthy domain generation algorithms (SDGA) have been proposed and revealed significantly stronger stealthiness comparing to the traditional character-based DGA. Existing state-of-the-art detection schemes are not effective enough for detecting SDGA. In this paper, we exploit the character-level characteristics of the SDGA domain names and propose a heterogeneous deep neural network framework (HDNN) for detecting SDGA. HDNN employs a proposed improved parallel CNN (IPCNN) architecture with multi-sizes of convolution kernel for extracting multi-scale local features from a domain name. The framework also contains a proposed self-attention based bidirectional long short term memory (SA-Bi-LSTM) architecture which can extract the bidirectional global features with attention mechanism from a domain name. Besides that, the focal loss function is introduced to mitigate the imbalance of the sample quantity in the training phase. The benchmark experiments are carried out based on the database composed of the collected benign domain names, real-world DGA and SDGA ones. Compared to the 6 influential deep-learning-based DGA detection schemes, the proposed scheme has achieved state-of-the-art detection results on SDGAs, and also achieved state-of-the-art results on binary and multiclass classification for traditional DGAs.

关键词： Feature extraction Neural networks Dictionaries Machine learning Servers Malware Hidden Markov models Convolutional neural network cyber security domain generation algorithm deep learning long short term memory

来源：评论

学校读者我要写书评

暂无评论

Exploiting statistical and structural features for the detection of domain generation algorithms

引用

JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2021年 58卷

作者： Patsakis, Constantinos Casino, Fran Univ Piraeus Dept Informat 80 Karaoli & Dimitriou Str Piraeus 18534 Greece Athena Res Ctr Informat Management Syst Inst Artemidos 6 Maroussi 15125 Greece

Nowadays, malware campaigns have reached a high level of sophistication, thanks to the use of cryptography and covert communication channels over traditional protocols and services. In this regard, a typical approach to evade botnet identification and takedown mechanisms is the use of domain fluxing through the use of domain generation algorithms (DGAs). These algorithms produce an overwhelming amount of domain names that the infected device tries to communicate with to find the Command and Control server, yet only a small fragment of them is actually registered. Due to the high number of domain names, the blacklisting approach is rendered useless. Therefore, the botmaster may pivot the control dynamically and hinder botnet detection mechanisms. To counter this problem, many security mechanisms result in solutions that try to identify domains from a DGA based on the randomness of their name. In this work, we explore hard to detect families of DGAs, as they are constructed to bypass these mechanisms. More precisely, they are based on the use of dictionaries or adversarial approaches so the generated domains seem to be user-generated. Therefore, the corresponding generated domains pass many filters that look for, e.g. high entropy strings or n-grams. To address this challenge, we propose an accurate and efficient probabilistic approach to detect them. We test and validate the proposed solution through extensive experiments with a sound dataset containing all the wordlist-based DGA families that exhibit this behaviour, as well as several adversarial DGAs, and compare it with other state-of-the-art methods, practically showing the efficacy and prevalence of our proposal.

关键词： Malware Botnets domain generation algorithm DNS

来源：评论

学校读者我要写书评

暂无评论

Detecting domain Names Generated by DGAs With Low False Positives in Chinese domain Names

引用

IEEE ACCESS 2024年 12卷 123716-123730页

作者： Lee, Huiju Yoo, Jeong Do Jeong, Seonghoon Kim, Huy Kang Korea Univ Sch Cybersecur Seoul 02841 South Korea Sookmyung Womens Univ Div Artificial Intelligence Engn Seoul 04310 South Korea

Attackers are known to utilize domain generation algorithms (DGAs) to generate domain names for command and control (C&C) servers and facilitate the distribution of uniform resource locators within malicious software. DGAs pose a significant threat to cybersecurity owing to their ability to dynamically generate unpredictable domain names. Extensive research is currently underway to detect the domain names created using DGAs. However, the high false positive rates when handling benign domain names in non-English languages pose a challenge. Thus, this study proposes a DGA detection method that effectively embeds non-English domain names to focus on Chinese domain names, which are referred to as domain names composed of Pinyin. The proposed method segments domain names into meaningful subwords for effective vector representation. Consequently, the FastText model learns the context information of the segmented subwords and embeds the domain name. Further, the deep learning-based detection model learns the vectorized domain names and determines whether a particular domain name is DGA-generated. We labeled the Chinese domain names among the benign domain names for our experiment. The experimental results show that the proposed method outperforms existing methods across all performance metrics on the entire test dataset. Notably, the proposed method minimizes the false positive rate, thereby enhancing detection reliability. In addition, it exhibits high performance, achieving a recall of 0.9873 and 0.9886 for Chinese and English domain names, respectively. This demonstrates that the proposed method consistently delivers high performance across various metrics and languages.

关键词： Feature extraction domain Name System Deep learning Servers Detectors Malware Long short term memory Chatbots Botnet deep learning domain generation algorithm embedding subword segmentation

来源：评论

学校读者我要写书评

暂无评论

BotDetector: a system for identifying DGA-based botnet with CNN-LSTM

引用

TELECOMMUNICATION SYSTEMS 2024年第2期85卷 207-223页

作者： Zang, Xiaodong Cao, Jianbo Zhang, Xinchang Gong, Jian Li, Guiqing Qufu Normal Univ Sch Cyber Sci & Engn Qufu Peoples R China Qilu Univ Technol Shandong Acad Sci Shandong Comp Sci Ctr Shandong Prov Key Lab Comp Networks Jinan Peoples R China Southeast Univ Key Lab Comp Network & Informat Integrat Minist Educ Nanjing Peoples R China

Botnets are one of the major threats to network security nowadays. To carry out malicious actions remotely, they heavily rely on Command and Control channels. DGA-based botnets use a domain generation algorithm to generate a significant number of domain names. By analyzing the linguistic distinctions between legitimate and DGA-based domain names, traditional machine learning schemes obtain great benefits. However, it is difficult to identify the ones based on wordlists or pseudo-random generated. Accordingly, this paper proposes an efficient CNN-LSTM-based detection model (BotDetector) that uses only a set of simple-to-compute, easy-to-compute character features. We evaluate our model with two open-source benchmark datasets (360 netlab, Bambenek) and real DNS traffic from the China Education and Research Network. Experimental results demonstrate that our algorithm improves by 1.6% in terms of accuracy and F1-score and reduces the computation time by 9.4% compared to other state-of-the-art alternatives. Remarkably, our work can identify botnet's covert communication channels that use domain names based on word lists or pseudo-random generation without any help of reverse engineering.

关键词： Network security Deep learning domain generation algorithm CNN LSTM Botnet DNS traffic

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：