Computer Engineering and Applications ›› 2021, Vol. 57 ›› Issue (14): 103-109.DOI: 10.3778/j.issn.1002-8331.2004-0209

Previous Articles     Next Articles

Small Sample DGA Malicious Domain Names Detection Method Based on Transfer Learning

GU Zhaojun, YANG Wenjin, ZHOU Jingxian   

  1. 1.Information Security Evaluation Center, Civil Aviation University of China, Tianjin 300300, China
    2.Institute of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
    3.Institute of Sino-European Aeronautical Engineering, Civil Aviation University of China, Tianjin 300300, China
  • Online:2021-07-15 Published:2021-07-14



  1. 1.中国民航大学 信息安全测评中心,天津 300300
    2.中国民航大学 计算机科学与技术学院,天津 300300
    3.中国民航大学 中欧航空工程师学院,天津 300300


The Domain name Generation Algorithm(DGA) is easy to evolve, and some category of samples are difficult to obtain, which makes the detection of malicious domain names using traditional machine learning models inaccurate. A small sample DGA malicious domain name detection model based on transfer learning and multi-core CNN is proposed. The model maps the domain name into the vector space, and then uses the DGA with sufficient samples for pre-training, and migrates the pre-trained parameters to the small sample detection model. Finally, the multi-core CNN classification model of small data DGA extracts the characters of domain according to pronunciation habits, and determines whether the domain is a DGA domain. By comparison, the small sample classification model without knowledge transfer has only 11 types of domain names with an accuracy of more than 92%. The classification results of the multi-core CNN model after transfer learning has 20 types of DGA with an accuracy more than 92% and the 11 types more than 97%. Through knowledge transfer, the classification effect of the model trained by insufficient DGA data can be close to the model trained by sufficient data.

Key words: malicious domain names, convolutional neural network, transfer learning, domain generation algorithm, few-shot learning



关键词: 恶意域名, 卷积神经网络, 迁移学习, 域名生成算法, 小样本学习