Malicious domain name detection method and device based on heterogeneous graph neural network

Main authors: LIU YULING, DONG CONG, ZHU YAN, DU DAN, QI YINHAO, FAN ZHAOSHAN, WANG QING, LIU JUNRONG, HAN DONGXU, LU ZHIGANG
Format: Patent
Language: chi; eng
Description
Summary: The invention discloses a malicious domain name detection method and device based on a heterogeneous graph neural network. The method comprises the steps of: constructing a heterogeneous graph G = (V, E) of DNS traffic based on DNS log data and Whois data; based on the edges E, obtaining meta-paths whose starting node and ending node are both of the domain name node type; according to the domain name behaviors in the DNS log data and the Whois data in different periods, extracting time sequence features and domain name registration features of each domain name node to obtain a feature vector for each domain name node; and, based on the meta-paths and the feature vectors, calculating an embedded feature of each domain name node to obtain a malicious domain name detection result for the unmarked domain name nodes. According to the method, the existing malicious domain names are effectively identified from massive DNS traffic.