基于思维进化算法优化S-Kohonen神经网络的恶意域名检测模型

doi:10.3969/j.issn.1671-1122.2020.06.010

摘要/Abstract

摘要：

恶意域名作为目前互联网攻击的主要手段,给用户和企业带来巨大的网络使用的风险。为了更有效地抵御恶意域名的攻击,保障网络空间的安全性,文章提出了一种基于思维进化算法优化S-Kohonen神经网络的恶意域名检测模型。该模型利用Kohonen神经网络,在隐藏层后额外添加一个输出层,将其改进为有监督的神经网络S-Kohonen,使其更好地学习恶意域名的相关特征,再利用思维进化算法进行结合,优化神经网络的初始权值和阈值,最终得出的模型可以快速、准确地检测出恶意域名。通过模型的MATLAB实验仿真,以及和思维进化算法优化的BP神经网络的对比,从混淆矩阵、分类柱状图、ROC曲线和AUC值的方式具体分析两种模型的分类情况。结果表明该分类模型对恶意域名具有高准确率、快速识别的特点,可以应用于恶意域名的网络安全防护中,并且有较高的实用价值。

关键词: S-Kohonen神经网络, 有监督学习, 思维进化算法, 恶意域名检测

Abstract:

As one of the main means of Internet attack, malicious domain name brings huge network use risk to users and enterprises. In order to resist the attack of malicious domain names more effectively and ensure the security of cyberspace, this paper proposes a malicious domain name detection model based on thought evolution algorithm to optimize S-Kohonen neural network. This model using Kohonen neural network, and in the hidden layer after adding an additional output layer, the improvement for supervised neural network S-Kohonen, make its better learning characteristics of malicious domain name, related recycle mind evolutionary algorithm, the initial weights and threshold of neural network are optimized, finally it is concluded that the model can quickly and accurately detect the malicious domain name. Through MATLAB simulation of the model, and the mind evolutionary algorithm to optimize the BP neural network, from the confusion matrix, classification of histogram, ROC curve and AUC value in the form of specific analysis of the classification of the two models, the results show that the classification model for malicious domain with high accuracy, fast identification characteristics, can be used in the malicious domain of network security protection, and have higher practical value.

Key words: S-Kohonen neural network, supervised learning, evolutionary thinking algorithms, malicious domain name detection

中图分类号:

TP309

罗峥, 张学谦. 基于思维进化算法优化S-Kohonen神经网络的恶意域名检测模型[J]. 信息网络安全, 2020, 20(6): 82-89.

LUO Zheng, ZHANG Xueqian. A Malicious Domain Name Detection Model Based on S-Kohonen Neural Network Optimized by Evolutionary Thinking Algorithm[J]. Netinfo Security, 2020, 20(6): 82-89.

图/表 12

图1

图2

图3

表1

图4

图5

表2

表3

表4

图6

图7

图8

参考文献 20

[1]	YIN Congxian. Research And Implementation Of Malicious Domain Name Detection Technology Based On Big Data Analysis[D]. Beijing:Beijing University of Posts and Telecommunications, 2018.
	殷聪贤. 基于大数据分析的恶意域名检测技术研究与实现[D]. 北京:北京邮电大学, 2018.
[2]	HONG Bo, GENG Guanggang, WANG Liming, et al. System to discover phishing attacks actively based on DNS[J]. Application Research of Computers, 2013,30(12):3771-3774.
	洪博, 耿光刚, 王利明, 等. 一种基于DNS主动检测钓鱼攻击的系统[J]. 计算机应用研究, 2013,30(12):3771-3774.
[3]	ZHANG Y, HONG J I, CRANOR L F. Cantina: A Content-Based Approach to Detecting Phishing Web Sites[EB/OL]. http://www.researchgate.net/publication/221023659_CANTINA_A_content-based_approach_to_detecting_phishing_web_sites?_sg=w9ZhIXNv5TCQn_H9GIVF76s09HqBjnKpCuWsAoZDeGp7x_zIPjkrGs6f9KxeYK4Rt5dMk2vgdD6c0_2QuhHwwg, 2019-10-15.
[4]	CANALI D, COVA M, VIGNA G, et al. Prophiler: A Fast Filter for the Large-Scale Detection of Malicious Web Pages[EB/OL]. http://www.researchgate.net/publication/221023059_Prophiler_A_fast_filter_for_the_large-scale_detection_of_malicious_web_pages?ev=auth_pub, 2019-10-15.
[5]	CHOI H, ZHU B B, LEE H. Detecting Malicious Web Links and Identifying Their Attack Types[EB/OL]. Detecting Malicious Web Links and Identifying Their Attack Types, 2019 -10-15.
[6]	ZHANG Siyu. Malware Domain Name Mining Based on DNS Traffic[D]. Shanghai: Shanghai Jiao Tong University, 2014.
	章思宇. 基于DNS流量的恶意软件域名挖掘[D]. 上海:上海交通大学, 2014.
[7]	LI Kunlun, DONG Ning, GUAN Liwei, et al. DoS Attack Detection Algorithm of the Improved Kohonen Network[J]. Journal of Chinese Computer Systems, 2017,38(3):450-454.
	李昆仑, 董宁, 关立伟, 等. 一种改进Kohonen网络的DoS攻击检测算法[J]. 小型微型计算机系统, 2017,38(3):450-454.
[8]	DONG Ning. Research on Denial of Service Attack Detection Algorithm Based on S-Kohonen Neural Network[D]. Baoding: Hebei University, 2017.
	董宁. 基于S-Kohonen神经网络的拒绝服务攻击检测算法的研究[D]. 保定:河北大学, 2017.
[9]	LU Peng, TANG Chao. Research on DoS Attack Detection Algorithm Based on S-Kohonen[J]. Computer Measurement & Control, 2018,26(10):165-169.
	卢鹏, 唐超. 基于S-Kohonen的DoS攻击检测算法研究[J]. 计算机测量与控制, 2018,26(10):165-169.
[10]	MA Wei, MA Quanfu. Application of Supervised Kohonen Neural Network in Cancer Diagnosis[J]. Microelectronics & Computer, 2014,31(12):108-110, 113.
	马卫, 马全富. 有监督的Kohonen神经网络聚类算法在癌症诊断中的应用[J]. 微电子学与计算机, 2014,31(12):108-110,113.
[11]	GUO Xin, WANG Lei, XUAN Bokai, et al. Gait Recognition Based on Supervised Kohonen Neural Network[J]. Acta Automatica Sinica, 2017,43(3):430-438.
	郭欣, 王蕾, 宣伯凯, 等. 基于有监督Kohonen神经网络的步态识别[J]. 自动化学报, 2017,43(3):430-438.
[12]	LIU Wei. Research on the Utility of Grey Neural Network Model Based on Thought Evolution Algorithm in GDP Prediction[D]. Qinhuangdao: Yanshan University, 2018.
	刘伟. 基于思维进化算法的灰色神经网络模型预测GDP的效用研究[D]. 秦皇岛:燕山大学, 2018.
[13]	HUANG Wei, CHANG Jun, SUN Zhibin. Characteristic Curve Prediction of Compressor Based on MEA-BP Neural Network[J]. Journal of Chongqing Institute of Technology, 2019,33(2):67-74.
	黄伟, 常俊, 孙智滨. 基于MEA-BP神经网络的压气机特性曲线预测[J]. 重庆理工大学学报, 2019,33(2):67-74.
[14]	LIN Qilin, BAO Guangqing. Daily Power Load Forecasting Based on MEA-Elman Neural Network Model[J]. Industrial Instrumentation & Automation, 2017,17(3):7-10.
	林麒麟, 包广清. 基于MEA-Elman神经网络的电力日负荷预测[J]. 工业仪表与自动化装置, 2017,17(3):7-10.
[15]	SONG Hongda, DONG Xin. Research and Implementation of Malicious Domain Name Detection Technology Based on Big Data Analysis[J]. Journal of Educational Institute of Jilin Province, 2014,30(12):142-144.
	宋泓达, 董鑫. 基于改进思维进化算法的神经网络负荷预测[J]. 吉林省教育学院学报, 2014,30(12):142-144.
[16]	GAO Shuai, HU Hongping, LI YangAQI, et al. Prediction Based on Improved Mind Evolutionary Algorithm and BP Neural Network[J]. Mathematics in Practice and Theory, 2018,48(19):151-157.
	高帅, 胡红萍, 李洋, 等. 基于改进的思维进化算法与BP神经网络的AQI预测[J]. 数学的实践与认识, 2018,48(19):151-157.
[17]	YU Jun, WANG Zhao, JI Tianming, et al. Wind Power Prediction Research Based on Mind Evolutionary Algorithm[J]. Computing Technology and Automation, 2017,36(2):95-99.
	俞俊, 王召, 籍天明, 等. 基于思维进化算法的风电功率预测研究[J]. 计算技术与自动化, 2017,36(2):95-99.
[18]	WEN Yongjun, KONG Fanzhi, LI Xiaobo. Design of the Visit Statistic System for Web Site Based on the Alexa[J]. Journal Of Hunan City University(Natural Science), 2010,19(4):67-69.
	文勇军, 孔凡志, 李小波. 基于Alexa的网站访问统计系统的设计[J]. 湖南城市学院学报(自然科学版), 2010,19(4):67-69.
[19]	LI Xiaobin. Research on Detection and Protection of Malicious Domain Name Based on SDN and Machine Learning[D]. Chongqing: Chongqing University, 2017.
	李小兵. 基于SDN和机器学习的恶意域名检测与防护的研究[D]. 重庆:重庆大学, 2017.
[20]	ZOU Hongxia, QIN Feng, CHENG Zekai. Algorithm for Generating ROC Curve of Two-Classifier[J]. Computer Technology And Development, 2009,19(6):109-112.
	邹洪侠, 秦锋, 程泽凯, 等. 二类分类器的ROC曲线生成算法[J]. 计算机技术与发展, 2009,19(6):109-112.

	恶意域名	正常域名	总计
预测为恶意域名	TP	FP	TP+FP
预测为正常域名	FN	TN	FN+TN
合计	TP+FN	FP+TN	N

	恶意域名	正常域名	总计
判断为恶意域名	5788	208	5996
判断为正常域名	212	3792	4004
合计	6000	4000	10000

	恶意域名	正常域名	总计
判断为恶意域名	5626	311	5937
判断为正常域名	374	3689	4063
合计	6000	4000	10000