自编码
计算机科学
恶意软件
领域(数学分析)
人工智能
机器学习
集合(抽象数据类型)
数据挖掘
对策
特征(语言学)
极限(数学)
模式识别(心理学)
深度学习
计算机安全
工程类
程序设计语言
航空航天工程
哲学
数学分析
语言学
数学
作者
Huy Kang Kim,Hyun Min Song,Jeong Do Yoo,Suyoun Hong,Byungmo Cho,Kwangsoo Kim,Huy Kang Kim
标识
DOI:10.1016/j.cose.2022.102662
摘要
Since malware creates severe damage to the system, past studies leveraged various algorithms to detect malicious domains generated from Domain Generation Algorithms (DGAs). Although they achieved a promising performance, security practitioners had to acquire a large amount of fine-labeled dataset with a particular effort. Throughout the research, we propose a series of analysis to build a novel malicious domain detection method with the autoencoder in an unsupervised approach to overcome this limit. The contributions of our study are as follows. First, we proposed significant feature extraction methods that focused on the domain’s linguistic patterns and validated the proposed set of features effectively discriminate benign domains and malicious domains. Second, we established a malicious domain detection method with the autoencoder only with benign domains provided during the model training. Thus, we let a security practitioner build a malicious domain detection model with less labeling effort. Third, the proposed malicious domain detection model achieved a precise detection performance of 99% accuracy and F1 score. Lastly, our model maintains the aforementioned detection performance, although it is trained with a small training set; thus, the model reduces training dataset accumulation effort. Although our detection model cannot identify malicious domains’ origins, particular types of DGA, we evaluate security practitioners can easily implement a countermeasure against DGAs with less effort. In pursuit of precise malicious domain detection, we expect our study can be a concrete baseline for future works.
科研通智能强力驱动
Strongly Powered by AbleSci AI