基于生成对抗网络的恶意域名训练数据生成.

Many malware families such as botnet utilize domain generation algorithms (DGAs) to evade detection at present. The mainstream detection algorithms based on artificial rules and machine learning have some limitations due to the fact that DGAs generate domain characters timely and rapidly. The former is somewhat blind to new DGA variants. The latter suffers from the lack of evolving training data. In order to solve these problems, this paper defined domain encoder and decoder on account of the method of ASCII encoding and combined them with the concept of generative adversarial network (GAN) to construct domain character generator. Then it used the generator to predict and generate DGA variants. Experiment results show that the DGA variants generated by this method can act as real DGA samples when these variants are utilized to train and estimate classifiers. This verifies the validity of the generated data and they can be effectively utilized to train and estimate DGA domain detector. [ABSTRACT FROM AUTHOR]