Description: |
Attackers can use the domain name system (DNS), a crucial service of the network, to carry out harmful activity. The task of detecting malicious domain names has grown in importance in the fight against network crime. The increasing complexity of DNS attacks requires new detection methods to deal with new threats. With machine learning and deep learning approaches, malicious DNS detection methods have made considerable strides in recent years. However, there are still certain difficulties, such as inflexible feature extraction. To solve this problem, the combination model presented in this paper is based on an enhanced Transformer and a convolutional neural network (CNN). The encoder portion of the Transformer is used to extract domain name features once the network packet has been parsed. Using a multi-head attention mechanism, we pay particular attention to the sequence relationship between the domain name characters. The position relations and word vectors are directly inserted into the word embedding layer using one-hot encoding. They are forwarded to the CNN model for flow-based feature extraction after other traffic information has been analyzed. The features that were extracted by the CNN and the Transformer are combined into a feature matrix before being categorized, which increases the adaptability of feature extraction. The results of the experiments show that the proposed method is capable of accurately identifying different categories of malicious DNS with various features. |