信息网络安全 ›› 2020, Vol. 20 ›› Issue (6): 82-89.doi: 10.3969/j.issn.1671-1122.2020.06.010

• 技术研究 • 上一篇    下一篇

基于思维进化算法优化S-Kohonen神经网络的恶意域名检测模型

罗峥1(), 张学谦2   

  1. 1.公安部第三研究所,上海 200031
    2.四川省公安厅网络安全保卫总队,成都 610000
  • 收稿日期:2020-01-15 出版日期:2020-06-10 发布日期:2020-10-21
  • 通讯作者: 罗峥 E-mail:roger@cspec.org.cn
  • 作者简介:罗峥(1970—),男,浙江,高级工程师,硕士,主要研究方向为网络安全|张学谦(1981—),男,重庆,本科,主要研究方向为网络安全、等级保护

A Malicious Domain Name Detection Model Based on S-Kohonen Neural Network Optimized by Evolutionary Thinking Algorithm

LUO Zheng1(), ZHANG Xueqian2   

  1. 1. The Third Research Institute of The Ministry of Public Security,Shanghai 200031, China
    2. Cyber Security Team of Sichuan Provincial Public Security Department, Chengdu 610000, China
  • Received:2020-01-15 Online:2020-06-10 Published:2020-10-21
  • Contact: LUO Zheng E-mail:roger@cspec.org.cn

摘要:

恶意域名作为目前互联网攻击的主要手段,给用户和企业带来巨大的网络使用的风险。为了更有效地抵御恶意域名的攻击,保障网络空间的安全性,文章提出了一种基于思维进化算法优化S-Kohonen神经网络的恶意域名检测模型。该模型利用Kohonen神经网络,在隐藏层后额外添加一个输出层,将其改进为有监督的神经网络S-Kohonen,使其更好地学习恶意域名的相关特征,再利用思维进化算法进行结合,优化神经网络的初始权值和阈值,最终得出的模型可以快速、准确地检测出恶意域名。通过模型的MATLAB实验仿真,以及和思维进化算法优化的BP神经网络的对比,从混淆矩阵、分类柱状图、ROC曲线和AUC值的方式具体分析两种模型的分类情况。结果表明该分类模型对恶意域名具有高准确率、快速识别的特点,可以应用于恶意域名的网络安全防护中,并且有较高的实用价值。

关键词: S-Kohonen神经网络, 有监督学习, 思维进化算法, 恶意域名检测

Abstract:

As one of the main means of Internet attack, malicious domain name brings huge network use risk to users and enterprises. In order to resist the attack of malicious domain names more effectively and ensure the security of cyberspace, this paper proposes a malicious domain name detection model based on thought evolution algorithm to optimize S-Kohonen neural network. This model using Kohonen neural network, and in the hidden layer after adding an additional output layer, the improvement for supervised neural network S-Kohonen, make its better learning characteristics of malicious domain name, related recycle mind evolutionary algorithm, the initial weights and threshold of neural network are optimized, finally it is concluded that the model can quickly and accurately detect the malicious domain name. Through MATLAB simulation of the model, and the mind evolutionary algorithm to optimize the BP neural network, from the confusion matrix, classification of histogram, ROC curve and AUC value in the form of specific analysis of the classification of the two models, the results show that the classification model for malicious domain with high accuracy, fast identification characteristics, can be used in the malicious domain of network security protection, and have higher practical value.

Key words: S-Kohonen neural network, supervised learning, evolutionary thinking algorithms, malicious domain name detection

中图分类号: