计算机工程与应用 ›› 2018, Vol. 54 ›› Issue (9): 101-108.DOI: 10.3778/j.issn.1002-8331.1612-0283

• 网络、通信与安全 • 上一篇    下一篇

基于上下文语义的恶意域名语料提取模型研究

黄  诚1,2,刘嘉勇1,刘  亮1,何  祥1,汤殿华2   

  1. 1.四川大学 电子信息学院,成都 610065
    2.保密通信重点实验室,成都 610041
  • 出版日期:2018-05-01 发布日期:2018-05-15

Research on extraction model of malicious domain corpus based on context semantics

HUANG Cheng1,2, LIU Jiayong1, LIU Liang1, HE Xiang1, TANG Dianhua2   

  1. 1.College of Electronics and Information Engineering, Sichuan University, Chengdu 610065, China
    2.Science and Technology on Communication Security Laboratory, Chengdu 610041, China
  • Online:2018-05-01 Published:2018-05-15

摘要: 针对目前基于白名单过滤技术在海量文本中恶意域名提取的漏报、误报等问题,提出了一种基于上下文语义的恶意域名语料提取模型。该模型分别从恶意域名所在语句的上下文单词、短语进行语义分析,并利用自然语言处理技术自动生成描述恶意域名的语料。通过该模型对公开的APT(Advanced Persistent Threat)分析文档数据提取了大量恶意域名语料数据。利用安全博客文章数据并结合基于随机森林算法的机器分类模型对论文提取的恶意语料的有效性进行了验证。

关键词: 恶意域名, 文本挖掘, 提取模型, 恶意语料

Abstract: To solve the problem of omitting and false positive in extracting malicious domains based on whitelist filtering technology in massive text, a contextual semantic-based model for extracting malicious domain corpus is presented. The proposed approach is based on the context words and phrases which describes malicious domains in a technical way, and natural language processing technology is used to automatically generate corpus from sentences which contain malicious domains. Malicious domain corpus is generated from many advanced persistent threat reports and articles with the proposed model. The malicious corpus extracted from documents is verified by random forest classifier.

Key words: malware detection, text mining, information extraction, malicious corpus