Method for detecting CC server in DNS flow heterogeneous graph based on graph neural network

Main authors: SUN HAO, LUO XI, YU CHENG, WANG ZHIMING, DUAN ZITONG, ZHOU KAI, YIN LIHUA
Format: Patent
Language: chi; eng
Description
Summary: The invention provides a method for detecting C&C servers in a domain name system (DNS) traffic heterogeneous graph based on a graph neural network, and belongs to the technical field of network security. The method comprises the steps of: obtaining DNS flow data, judging whether a domain name in the DNS flow data is a malicious domain name through a GRU model, and adding a corresponding judgment label to the domain name node corresponding to the flow data; constructing a DNS flow heterogeneous graph according to the DNS flow data, and performing aggregation projection and semantic fusion processing on the DNS flow heterogeneous graph to obtain a final embedded vector of each node of the heterogeneous graph; performing binary classification on the final embedded vector of each node through a linear layer and a Sigmoid activation function, and determining whether the server IP node belongs to a benign server or a C&C server. According to the method, a mode of analyzing the traffic