关键词: 恶意域名检测, 长短时记忆神经网络, word2vec, Attention机制

Abstract:

At present, malicious domain names are widely used in acting-controlled Trojans, phishing fraud and other network attacks. Traditional malicious domain name detection methods have the problem of long-distance dependency. It is easy to ignore contextual information and difficult in detecting malicious domain names efficiently and accurately because of its high data dimension. This paper presents a deep learning method for detecting malicious domain names by Autoencoder Network（AN） for feature reduction combined with Long Short-Term Memory network（LSTM）. Firstly, the word vector representation of the implementation containing semantics is used, and the problem that the traditional method leads to the sparse and dimension disaster of data representation is solved. The word vector is constructed by word2vec as the input of LSTM, then the correlation between LSTM input and output is sorted by Attention mechanism, the overall characteristics of the text are obtained, finally, the local features are merged with the whole feature, and the classification results are output by using the softmax classifier. Experimental results show that this method has a good performance in malicious domain name detection, and has higher detection rate and less detection time than the traditional method of detecting malicious domain names.

Key words: malicious domain name detection, long short-term memory network, word2vec, Attention mechanism