| The Domain Name System(DNS)is a distributed database system used to map domain names to each other and to IP(Internet Protocol)addresses.DNS allows users on the Internet to access websites by using easy-to-remember domain names instead of IP addresses.However,DNS itself is not defensible,making it an entry point for attackers to attack the network.Examples include DNS hijacking and spoofing,phishing,malware distribution,and cyber fraud,and these attacks have significant implications for the security of networks and users.Therefore,it is important to design classification models to quickly and accurately detect malicious domain names and prevent them from being abused by malicious users,so that the security threats to the network can be effectively reduced.This article aims to evaluate the domain names to be detected by considering the accuracy,range,actual processing time and model size of domain name detection,using deep learning convolutional neural networks and theories and technique s related to natural language processing.In this a rticle,two novel detection models are proposed,including CWNet(Character and Word Network),a malicious domain name detection model based on the fusion of character and word features,and LW-CWNet(Light-Weighted Character and Word Network),a fast malicious domain name detection model based on full convolution network.The main research work of this article is as follows:1.In order to solve the problem that the existing malicious domain name detection methods do not have high performance in detecting malicious domain names randomly generated by Domain Generation Algorithm(DGA)and have poor results in detecting malicious domain names composed of random words,we propose a malicious domain name detection model CWNet based on the fusion of character and word features.The model first uses parallel convolutional neural networks to extract the character and word features of domain names separately,then splices the two extracted features to construct a fusi on feature containing the character and word information of domain names,and finally the output layer uses Softmax function to obtain the classification prediction results of domain names to be tested.The loss function uses Focal Loss to reduce the effec t of simple samples on the loss function,focus more on difficult to classify samples,and improve the model classification performance.The experimental results show that the model can improve the detection performance of malicious domain names,and the detection ability of more challenging malicious domain name families is improved more significantly.2.To address the problem that the CWNet model has too many computations and parameters,and the model occupies a large amount of memory,which makes it difficult to be applied in real scenarios,a fast malicious domain name detection model based on full convolution LW-CWNet is proposed on top of the CWNet model.This model first constructs a lightweight parallel convolutional neural network by using deep separable convolution instead of the traditional convolutional The model firstly constructs a lightweight parallel convolutional neural network by using deep separable convolution instead of the traditional convolutional neural network model,then uses a global average pooling layer with fewer parameters instead of a fully connected layer to obtain a lightweight malicious domain name detection model,and finally uses label smoothing to prevent the model from overfitting during the training process and improve the generalization ability of the model.The experimental results show that the LW-CWNet model can maintain high domain name detection accuracy with a significantly reduced number of parameters.Compared with other malicious domain name detection models,the model has significantly improved the efficiency,accuracy and model size in classifying domain names. |
PDF Full Text Request