3377��

�˹��徲|AI�徲Ӧ�ã�DGA��

DGA��о��徲Ȧ��۵��Ż��⡣��Ű��DGA��Ҫ��ʹ�ú��ս��ʵ�֣��DGA��ҹ�ģ��͵��һֱ��͸��º��ò��ʵ��ڻ�еѧϰ��DGA��Ҫ��ֹ��һȱ��ʵ��ʵʱ��⣬��ѳ�ΪDGA��о��ƫ��

��

�˹��徲|AI�徲Ӧ�ã�DGA��

��ʱ�䣺2021-08-05

��6395

��

01 �侰

��ʵ��Դ��ʱͨѶ��ʽ��㣬��ǵ��Ĵ��˼��ı㵱��Ȼ��Щ��Ҳ�ᱻ��ã��ʬ��磨botnet��ǵ�䷶�ӡ��ʬ��ɴ��ܿ��ʬ��bot��һ��Ϳ��C2��Command &Control��ɣ��bot��C2��໥ͨѶ�Ա�ת��ݡ��Ϊ��ֹC2��뷨��ɹ��bot��C2��ͨѶ��Ϊ��У��㷨DGA��Domain Generation Algorithm��һ��ա��ӵ�˵��ʹ��DGA�㷨��ӣ��ʱ�䡢��ȣ��㷨��AGD��Algorithmically Generated Domain��Ȼ��ֻ��Ҫʹ��һ��C2ͨѶ��Ϊ�˷��Ҫ��AGD��м�⡣��ֹ��˫��Դ�Ĳ�س��ԣ��DGA��ձ��ձ�ʹ�á��MITRE ATT&CK C2ս��T1568.002��ռ�¼��ʮ��ʹ��DGA��յ�APT��֯��ñ�APT41��Aria-body�ȡ��2008��Kraken��Conficker��Ϊ��ƹ��ּ��ϵͳ�ļ�飬��Щ��ж��DGA��ա��µ��ձ��Ԥ�ƣ��AGD��ĿԼռ��9.9%��1/5��ڻ��DGA�Ľ�ʬ��磨Լռ��ע��1.8%��

Ŀ��DGA��о��徲Ȧ��۵��Ż��⡣��Ű��DGA��Ҫ��ʹ�ú��ս��ʵ�֣��DGA��ҹ�ģ��͵��һֱ��͸��º��ò��ʵ��ڻ�еѧϰ��DGA��Ҫ��ֹ��һȱ��ʵ��ʵʱ��⣬��ѳ�ΪDGA��о��ƫ��

��Ľ��DGA��֪ʶ��DGA��Ҫ��״�Լ��DGA��ƻ��

02 ��

2.1 DGA��ԭ��

DGA��һ��㷨��ƣ��ֶ��ڵ�α��α��ζ��ַ��ƺ��ģ��ṹ��Ԥ��ȷ��˿��ظ��͸��ơ��

��ǲ��ģ��ֻ��һС��ᱻע��Թ��ܿ��C2��ͨѶ��Ӷ��Ϣ��ʹ��ģ��һ��ֳ��ֹʱ��߻��DGA��б��ע��ʹ��DGA��й��ԭ��ͼ1[1]��ʾ��

��ͨ��DGA�㷨��ڱ�ѡ��ܿض˶��ͳһ��DGA�㷨��ͬ�ı�ѡ��б��й��ʱ�䣬��ѡ��ע�ᣬ��ܿض�ͨ��ʻ�ȡ��ע��C2��ݴ��䡣��

2.2 DGA��

2.2.1 ƾ֤��Ӿ��з��

��ǹ��ߺͿͻ��˶��DGA�㷨��֮һ��ӵó��DGA��Ƿ��ġ��

DGAʹ�õ��࣬��ڡ��罻��ȴʡ��飬��DGAƾ֤��һ��ַ�ǰ׺��TLD��com��org�ȣ��

һ��ƽ��˵��ӿɰ��·��з��ࣺ

��ʱ��ӣ�DGA�㷨ʹ��ʱ��Ϣ��Ϊ��루�磺�ܿ��ϵͳʱ�䣬��http��Ӧ��ʱ��ȣ��

�Ƿ��ȷ��ԣ��DGA�㷨��ȷ��ģ��AGD��Ա��ǰ��㣬��Ҳ��һЩDGA�㷨��ǲ�ȷ��ģ��磺Bedep��ŷ��ο��Ϊ��ӣ��Torpig��Twitter��Ҫ��Ϊ��ӣ��ֻ��ȷ׼ʱ�䴰��ע��Ż��Ч��

ƾ֤��ӵķ��Ҫ�죬��DGA��Է�Ϊ��4�ࣺ

TID(time-independent and deterministic)��ʱ�䲻��أ��ȷ��

TDD(time-dependent and deterministic)��ʱ��أ��ȷ��

TDN(time-dependent and non-deterministic)��ʱ��أ��ȷ��

TIN(time-independent and non-deterministic)��ʱ�䲻��أ��ȷ��

2.2.2 ƾ֤��㷨��з��

��DGA��㷨һ��ƽ��Է�Ϊ��4�ࣺ

��㷨��һ��ASCII��ֵ�ֵ��Ӷ��DGA��ʢ�ж��ߣ��

��ڹ�ϣ��ù�ϣֵ��16��ֱ��DGA��ʹ�õĹ�ϣ�㷨�У�MD5��SHA256��

��ڴ��飺�÷��ר�д��ѡ��ʾ��ϣ��̭��ַ��ϵ��ԣ��ɻ��Ը�ǿ��Ƕ�ڶ��л��ߴӹ��з��ȡ��

��ϣ��һ��ʼ��ַ��ϵ��ϡ��

2.3 DGA��

DGA��ʹ�ú��ձ飬��֪��DGA��40��±�ö��4��DGA��TLD��򣩡�SLD��򣩺��

��1 ��DGA��

03 ��״

3.1 ��

��DGA�㷨��ʱ��Ժ�ȷ��ԣ��ǵ��ǿɻ�ȡ�Ϳ��õģ��Ӷ��п��ܵ�Ч��ڴ��ص㣬��Զ�ÿ��㷨��ӣ��Ӷ��ȡ��ں�ʱ��ͣ��DGA��⡣��

��ǣ��˼��췢��Ķ��ֵ��Ŀʱ��Ҫ��ǲ��еġ��Ե��ԭ��棬��һ�Ǻ��ĸ��ԶԶ�ϲ��DGA��ʣ��Ǳ��е�DGA��Ż��ܿ��C2��ͨѶ��[2]��ԣ��Դ��DGA��ʵͣ��1.2%��DGA��ں��С��ˣ��ֱ��DGA��Ҫ�첢��ɽ��⡣��

��ڻ�еѧϰ��DGA��Ҫ��󲿷��ֱ�Ӵ��ȫ��FQDN��Fully Qualified Domain Name��ȡ��FQDN��Ϊһ��ַ��ȡ��ȡ��ء�NGram��Ҫ�첻��Ϣ��ʱ�䡢��õȣ��ˣ��ʵ��ʵʱ��⡣��

��ڹŰ��еѧϰ�㷨��ѧϰ��DGA��⣬��ȡ��˲��Ч��Ű��еѧϰ�㷨��Ϊ��ѧϰ��޼��ѧϰ��࣬��㷨��DGA��Ӧ�á��

3.2 ��ڼ��ѧϰ�ļ��

��õļ��ѧϰ�㷨�о��ɭ�֣��[3]ʹ�þ��DGA��Ķ��⣬��ʹ�õ��ȡ��ַ��Ԫ��ĸ��ĸ��֣��NGram�أ��[4]Ҳ��ʹ�þ��㷨��ж��࣬��ʹ�õ��Ϊ��Ⱥ��Խ�˵��ֵ��ɭ��ڽ��Ĺ��⣬��ձ�ʹ��ɭ��óͷ��DGA�Ľ�ʬ��⣬��[5]��ʹ��ɭ��㷨��⣬��ʹ�õ��ࣺ��ṹ��ͨ��

3.3 ��޼��ѧϰ�ļ��

��ھ��ɭ�ֵ�ģ��ڼ��ѧϰ��Ҫ��Ż��顣��޼��ѧϰ��м��ѧϰ��һ��Ҫ��ǲ��Ҫ��ǵ��ݼ��֪��K-Means�㷨��һ��ӳ��õ��޼��ѧϰ�㷨��ձ�Ӧ��DGA��У��[6]ʹ��KMeans��DGA��Ķ��࣬��ʹ��ĳ��ȡ��غ�NGram��[7]ʹ��KMeans��DGA��ʹ��˿ɶ��ԣ�NGram��Ϣ�ء��ṹ��ȡ��ַ��ȣ��ʮ��У��ֻ��޼��㷨��DGA��⡣��KMeans��־��Ҫ�죺��ģ�ӣ�MM��HC��ǵ�ʹ�ú��ޣ��Ч��롣��

3.4 ��ѧϰ�ļ��

��ѧϰҲ��DGA��ձ��Ӧ�ã��ѭ��磨RNNs��Ƿ��Ӱ��磨LSTM��;��磨CNN��Ӧ�õ��DGA��С��磺��[8]ʹ��LSTM��DGA��ࡢDGA��⣻��[9]�о��˾��LSTM�ı��壬��Ҳ��ж��Ͷ��ࣻ��[10]��RNN��LSTM��CNN��CNN-LSTM��Ͼ��DGA��Ͷ��Ч��ѧϰ�ڶ��־��ʣ��ڶ��д��Ҫ��׼ȷ�Ⱥ��ٻ��ʷ��涼ȡ��ɵ�Ч��Ҫ˵��ѧϰ��Ȼ��ṩ�ܺõķ��Ч��̫��ϵģ��ǲ�͸��ģ��ȱ��͸��յ��޷��㷨��΢��Ҳ�޷�ڹ��Ч��Ե��ԭ�ɡ��

��ֵ��һ��ǣ��о�ʹ��ѧϰ�㷨��ȡ��Ȼ��ʹ�÷��㷨��з��࣬��[7]ʹ��CNN��Щ��ɾ��ɭ�ַ��з��ࡣ��

04 �ƻ�

��һ�ּ��Ӹ�Ч��DGA��ƻ��üƻ��ȡ��ַ��DGA��⣬��ʵ��ע�üƻ��á��üƻ��ϸ��ģ��ʾ��ͼ��ͼ2��ʾ��ǽ��ص��̺�ģ��ǶȾ��ݡ��

4.1 ��

��ƻ�ʹ��20��Ϊ��ࣺһ��Ϊ��ַ��糤�ȡ��ء��ַ��ȣ��ã��һ��ΪNLP-nGrams��ص��Щ��󶼷�Ӧ��Ӧ��ʵ��ж��Ҫ��SEO��Ż��볤�ȣ�ԼĪ12-13��ַ��Լ��׶��׼ǡ��ص㡣��

��ƻ��ÿ��ֱ��ͼ��ܾ��ٲ��ͼ��о��

��:

��DGA��һ��Ҫ��ͼ3��ͼ��Կ��DGA��ĳ��ȸ��

��:

�ط�Ӧ��ַ��ԣ��DGA��㷨��α��ַ��Ը��ȸ��ߡ��ͼ4Ϊ��DGA��ܱ��ͼ��

��ַ�ת�Ƹ��:

�ַ�ת�Ƹ��ʿ��Է�Ӧ��Ŀɶ��ԣ��ʹ��Ӣ��ͳ��N-Gram��ת�Ƹ��ʣ��DGA��N-Gramת�Ƹ��ϲ��ϴ��

�ַ��:

�ַ��Ҳ��DGA��ĳ��ַ��֡�Ԫ��ĸ��ĸ�ȡ��

nGram:

��ƻ��nGram��ƽ��ֵ�ͷ����׼ΪӢ��ϣ��DGA��ԣ��Ӣ��ϲ��ϴ��nGram��ʵ��

4.2 ģ��

��ƻ�ʹ�õ�ѵ��ȪԴ�ڹ��ݼ��ڰ��ϣ��ģ�Ӽ��Ч��±��ʾ��

��2 ģ�Ӽ��Ч��

��ϱ��ݿ��Կ��㷨�ļ��Ч��𲻴��ʾ��ִ�96%��ϡ��

05 ��

��ڻ�еѧϰ��DGA��Ҫ��һ��ƣ��Ȼ��Ҫƾ֤��ξ��Ż��DGA��ƻ��ܹ��ִ�Ϻõļ��Ч��Ǽƻ��Ի��ڴ��DGA��Ч��Ż��ռ䣬��⽫��Ϊ��о��ص㣻��⣬��ƻ��DGA��еĶ��о��ǽ��һ��DGA��ж��о��ע��

�ο��

[1]Patsakis,Constantinos,and FranCasino. "Hydras and IPFS: a decentralised playground for malware."International Journal of Information Security (2019): 1-13.

[2]K��hrer M, Rossow C, Holz T (2014) Paint it black: evaluating the effectiveness of malware blacklists. In: RAID 2014: research in attacks, intrusions and defenses, June, pp 1�C21. Springer International Publishing.

[3]Ahluwalia A, Traore I, Ganame K, Agarwal N (2017) Detecting broad length algorithmically generated domains. In: Intelligent, secure, and dependable systems in distributed and cloud environments, chap. 2, pp 19�C34. Springer International Publishing.

[4]Truong D, Cheng G (2016) Detecting domain-flux botnet based on DNS traffic features in managed network. Security Communication Networks 9(14):2338�C2347.

[5]Luo X, Wang L, Xu Z, Yang J, Sun M, Wang J (2017) DGASensor: fast detection for DGA-based malwares. In: 5th international conference on communications and broadband networking, pp 47�C53.

[6]Bisio F, Saeli S, Lombardo P, Bernardi D, Perotti A, Massa D (2017) Real-time behavioral DGA detection through machine learning. In: 2017 international carnahan conference on security technology, pp 1�C6.

[7]Pu Y, Chen X, Pu Y, Shi J (2015) A clustering approach for detecting auto-generated Botnet domains. In: Applications and techniques in information security, pp 269�C279.

[8]Woodbridge J, Anderson HS, Ahuja A, Grant D (2016) Predicting domain generation algorithms with long short-term memory networks. CoRR abs/1611.0.

[9]Tran D, Mac H, Tong V, Tran HA, Nguyen LG (2018) A LSTM based framework for handling multiclass imbalance in DGA Botnet detection. Neurocomputing 275:2401�C2413.

[10]Vinayakumar R, Soman K, Poornachandran P, Sachin Kumar S (2018) Evaluating deep learning approaches to characterize and classify the DGAs at scale. J Intell Fuzzy Syst 34(3):1265�C1276.

��Ȩ��

ת��ע��ɡ��

��Ȩ��У��Υ�߱ؾ��

Ҫ��ʱ�ǩ��: 3377�� �˹��徲 AI�徲Ӧ�� DGA��

��һƪ 3377��ڣ��ˣ��徲��̸

��һƪ ��Cλ20��أ��ǽ��λһ��ƻ��~

��˶�

��˾�� ᣡ3377��ٻ�2025��й�ͨѶѧ��ѧ��ս��صȽ�

2025-11-27

��æ��

�г��̬ 3377��2025��2026��û��ã��ֻ�и��??

2026-01-04

��æ��

�г��̬ ��徲��޸ģ��3377����AI+�徲��

2025-10-29

��æ��

�Ƽ��

3377��ڷ��ǽһ��25��κ��г��һ

��

��һ��ҵ��3377��ࡶ2025-2026��й��һ��ҵ�о��桷

��

3377��һ��12��CNNVDһ��֧�ֵ�λ�ƺ�

��

3377��뻪Ϊ��ʽ��ȫ��Ž��+�徲��Ʒ��

��

3377��һ��ѡCICSVD��ҹ�ҵ��Ϣ�徲��Ա��λ

��

3377��һ��ͨ��֤��

��

�Ƽ��Ʒ

��ƻ�

��ѯ

��ѯ>
��֧��>
�Ʒ��֧��>
��ǰ֧��>

��

��֧��>
��ǰ֧��>
��ѵӪҵ>
�徲��>

�ͻ��

400-777-0777
7*24Сʱ��

��ϵ��

servicing@topsec.com.cn

ɨ��ע

��վ��ͼ��sitemap��