| 基于词素特征的轻量级域名检测算法 |
| |
| 引用本文: | 张维维,龚俭,刘茜,刘尚东,胡晓艳.基于词素特征的轻量级域名检测算法[J].软件学报,2016,27(9):2348-2364. |
| |
| 作者姓名: | 张维维 龚俭 刘茜 刘尚东 胡晓艳 |
| |
| 作者单位: | 东南大学 计算机科学与工程学院, 江苏 南京 210096;江苏省计算机网络重点实验室, 江苏 南京 210096,东南大学 计算机科学与工程学院, 江苏 南京 210096;江苏省计算机网络重点实验室, 江苏 南京 210096,东南大学 计算机科学与工程学院, 江苏 南京 210096;江苏省计算机网络重点实验室, 江苏 南京 210096,东南大学 计算机科学与工程学院, 江苏 南京 210096;江苏省计算机网络重点实验室, 江苏 南京 210096,东南大学 计算机科学与工程学院, 江苏 南京 210096;江苏省计算机网络重点实验室, 江苏 南京 210096 |
| |
| 基金项目: | 国家自然科学基金(60973123);国家科技支撑计划(2008BAH37B04);国家重点基础研究发展计划(973)(2009CB320505); |
| |
| 摘 要: | 对网络中DNS交互报文进行检测以发现恶意服务,是网络安全监测的一个重要手段,这种检测往往要求系统能够实时或准实时地发现监测域名中的可疑对象.面对庞大的域名集合,若对所有域名使用同样强度的监测通常开销过大.通过挖掘域名字面蕴含的词素(词根、词缀、拼音及缩写)特征,提出一种轻量级检测算法,能够快速锁定可疑域名,以便后续有针对性地进行DPI检测.实验结果表明:基于词素特征的检测算法比统计n元组频率分布的方法虽然略微增加了58.3%的内存开销,但却具备抗逃避能力以及更高的准确率(相对提高35.2%);与基于单词特征的方法相比,极大地降低了计算复杂度(相对降低64.8%),并减少了2.6%的内存开销,而准确率仅下降2.5%.
|
| 关 键 词: | 网络安全监测 域名检测 词素 字符串切分 C4.5分类器 |
| 收稿时间: | 2014/10/11 0:00:00 |
| 修稿时间: | 3/2/2015 12:00:00 AM |
Lightweight Domain Name Detection Algorithm Based on Morpheme Features |
| |
| ZHANG Wei-Wei,GONG Jian,LIU Qian,LIU Shang-Dong and HU Xiao-Yan.Lightweight Domain Name Detection Algorithm Based on Morpheme Features[J].Journal of Software,2016,27(9):2348-2364. |
| |
| Authors: | ZHANG Wei-Wei GONG Jian LIU Qian LIU Shang-Dong and HU Xiao-Yan |
| |
| Affiliation: | School of Computer Science and Engineering, Southeast University, Nanjing 210096, China;Jiangsu Provincial Key Laboratory of Computer Network Technology, Nanjing 210096, China,School of Computer Science and Engineering, Southeast University, Nanjing 210096, China;Jiangsu Provincial Key Laboratory of Computer Network Technology, Nanjing 210096, China,School of Computer Science and Engineering, Southeast University, Nanjing 210096, China;Jiangsu Provincial Key Laboratory of Computer Network Technology, Nanjing 210096, China,School of Computer Science and Engineering, Southeast University, Nanjing 210096, China;Jiangsu Provincial Key Laboratory of Computer Network Technology, Nanjing 210096, China and School of Computer Science and Engineering, Southeast University, Nanjing 210096, China;Jiangsu Provincial Key Laboratory of Computer Network Technology, Nanjing 210096, China |
| |
| Abstract: | Detecting malicious services via inspecting the content of DNS packets is a common way to network security monitoring. Such a work often requires quasi real time ability to find suspects among the huge collected domain names, which is costly in processing resources. This work proposes a lightweight algorithm based on the morpheme features (root, affix, Chinese spelling and special noun abbreviation) of domain names to quickly identify the suspects for targeted DPI detection. Compared with algorithms based on n-tuple frequency distribution measurement, the proposed one is proved to have stronger anti-interference ability and better detection accuracy by 35.2% higher while only 58.3% memory overhead increasing. While compared with the methods based on word features, this lightweight algorithm can cut 64.8% of computation complexity and 2.6% memory overhead down with only 2.5% accuracy reduction. |
| |
| Keywords: | network security monitoring domain name detection morphemes string segmentation C4 5 classifier |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
