Research On DGA Domain Name Detection Method Based On Machine Learning

With the rapid growth of the Internet,cyber security issues have become more prominent,with malicious domain names being one of the main concerns of researchers.Researchers use different approaches to solve this problem,and deep learning algorithms play an important role in the field of machine learning,especially in computer vision,multi-task machine learning and natural language processing.The purpose of this paper is to explore the application of deep learning algorithms in malicious domain name detection.Firstly,machine learning algorithms are introduced,and then the application of deep learning in malicious domain name detection is briefly described.Next,the advantages of machine learning algorithms for detecting malicious domain names are explored and the effectiveness of some deep learning models to detect malicious domain names is provided.Finally,improvements to machine learning methods are presented and experimental results are provided to verify the effectiveness of the algorithms in detecting malicious domain names.The main work and results are as follows.(1)A malicious domain name detection model based on improved feature-based machine learning methods.By collecting a large number of domain names and constructing a domain name dataset,we use statistical methods to extract useful features from them,including the string information of the domain name itself,which are eventually used for malicious domain name detection and validated on the actual dataset.The experiments show that the method has a lower false alarm rate and higher detection efficiency for detecting malicious domain names compared to traditional machine learning methods.(2)To address the high false alarm rate and slow detection efficiency of traditional machine learning methods,this paper proposes a method based on Self-Attention Mechanism of Convolutional Neural Network(SA-CNN),which does not require the use of statistical methods to extract features,using Convolutional Neural Network(CNN)and Self-Attention Mechanism,by applying the Self-Attention Mechanism layer to the Convolutional Neural Network layer,we can map malicious domain names to the low dimensional space,thus extracting useful features.Based on these features,we construct a classifier to determine whether the domain name is malicious or not.The accuracy,recall,F1 score,and AUC index of the SA-CNN model proposed in this article on the experimental dataset.The numbers are 96.5%,96.8%,96.8%,and 98.4% respectively,which significantly improves the accuracy of malicious domain name detection.(3)For the detection scenario of special malicious data families,this paper proposes a malicious domain name detection model based on improved domain name randomness algorithm combined with Bi LSTM.The model adds new thresholds to the randomness algorithm to further determine whether a domain name is a malicious domain name,and uses it as the initial detection of DGA domain names,and then combines the Bi LSTM algorithm to achieve the classification of DGA domain names for different DGA domain name families,and uses the results of the classification as the results of the experimental detection.The experimental results show that the accuracy,recall,F1 score,and AUC of the MRA-Bi LSTM model proposed in this paper on the DGArchive dataset are 98%,97%,97.5%,and 98.7%,respectively.Compared with other unsupervised algorithms,this method significantly improves the accuracy of anomaly detection and successfully reduces false positives.