针对目前基于白名单过滤技术在海量文本中恶意域名提取的漏报、误报等问题,提出了一种基于上下文语义的恶意域名语料提取模型.该模型分别从恶意域名所在语句的上下文单词、短语进行语义分析,并利用自然语言处理技术自动生成描述恶意域名的语料.通过该模型对公开的APT(Advanced Persistent Threat)分析文档数据提取了大量恶意域名语料数据.利用安全博客文章数据并结合基于随机森林算法的机器分类模型对论文提取的恶意语料的有效性进行了验证.%To solve the problem of omitting and false positive in extracting malicious domains based on whitelist filtering technology in massive text,a contextual semantic-based model for extracting malicious domain corpus is presented.The proposed approach is based on the context words and phrases which describes malicious domains in a technical way,and natural language processing technology is used to automatically generate corpus from sentences which contain malicious domains. Malicious domain corpus is generated from many advanced persistent threat reports and articles with the proposed model.The malicious corpus extracted from documents is verified by random forest classifier.
展开▼