DGA Scan Results - 365sec/tdga GitHub Wiki

DGA Scan Results

1. Feature: textfeature, method: nb

python dga_detect3.py -i ../data/www.txt -o ../data/textfeature-nb-result.cvs -f textfeature -m nb

Result statistics (DGA count)

cat textfeature-nb-result.cvs | grep DGA | wc -l


Scanned 22819233 domain names; DGA count: 9578850

2. Feature: textfeature, method: kmeans

python dga_detect3.py -i ../data/www.txt -o ../data/textfeature-kmeans-result.cvs -f textfeature -m kmeans

Result: program error.

3. Feature: textfeature, method: mlp

python dga_detect3.py -i ../data/www.txt -o ../data/textfeature-mlp-result.cvs -f textfeature -m mlp

Result statistics (DGA count)

cat textfeature-mlp-result.cvs | grep DGA | wc -l


Scanned 22819233 domain names; DGA count: 8218237

4. Feature: textfeature, method: svm

python dga_detect3.py -i ../data/www.txt -o ../data/textfeature-svm-result.cvs -f textfeature -m svm


Traceback (most recent call last):
  File "dga_detect3.py", line 241, in <module>
    dga_test.predict(options.input, options.output)
  File "dga_detect3.py", line 214, in predict
    self.predict_Webnames(Webnames, filewriter)
  File "dga_detect3.py", line 177, in predict_Webnames
    y_pred_prob = self.model.predict_proba(x)
  File "/home/test/ml_env/local/lib/python2.7/site-packages/sklearn/svm/base.py", line 590, in predict_proba
    self._check_proba()
  File "/home/test/ml_env/local/lib/python2.7/site-packages/sklearn/svm/base.py", line 557, in _check_proba
    raise AttributeError("predict_proba is not available when "
AttributeError: predict_proba is not available when probability=False

5. Feature: textfeature, method: xgboost

python dga_detect3.py -i ../data/www.txt -o ../data/textfeature-xgboost-result.cvs -f textfeature -m xgboost

Result statistics (DGA count)

cat textfeature-xgboost-result.cvs | wc -l

cat textfeature-xgboost-result.cvs | grep DGA | wc -l


Scanned 22819233 domain names; DGA count: 7940449

6. Feature: 234-gram, method: mlp

python dga_detect3.py -i ../data/www.txt -o ../data/234-gram-mlp-result.cvs -f 234-gram -m mlp

Result: code error; cannot be tested for now.

7. Feature: 2-gram, method: mlp

python dga_detect3.py -i ../data/www.txt -o ../data/2-gram-mlp-result.cvs -f 2-gram -m mlp

Traceback (most recent call last):
  File "dga_detect3.py", line 242, in <module>
    dga_test.predict(options.input, options.output)
  File "dga_detect3.py", line 215, in predict
    self.predict_Webnames(Webnames, filewriter)
  File "dga_detect3.py", line 177, in predict_Webnames
    y_pred = model.predict(x)
  File "/home/test/ml_env/local/lib/python2.7/site-packages/sklearn/neural_network/multilayer_perceptron.py", line 949, in predict
    y_pred = self._predict(X)
  File "/home/test/ml_env/local/lib/python2.7/site-packages/sklearn/neural_network/multilayer_perceptron.py", line 678, in _predict
    self._forward_pass(activations)
  File "/home/test/ml_env/local/lib/python2.7/site-packages/sklearn/neural_network/multilayer_perceptron.py", line 105, in _forward_pass
    self.coefs_[i])
  File "/home/test/ml_env/local/lib/python2.7/site-packages/sklearn/utils/extmath.py", line 140, in safe_sparse_dot
    return np.dot(a, b)
ValueError: shapes (101,169) and (1156,5) not aligned: 169 (dim 1) != 1156 (dim 0)

8. Feature: 2-gram, method: nb

python dga_detect3.py -i ../data/www.txt -o ../data/2-gram-nb-result.cvs -f 2-gram -m nb

Traceback (most recent call last):
  File "dga_detect3.py", line 242, in <module>
    dga_test.predict(options.input, options.output)
  File "dga_detect3.py", line 215, in predict
    self.predict_Webnames(Webnames, filewriter)
  File "dga_detect3.py", line 177, in predict_Webnames
    y_pred = model.predict(x)
  File "/home/test/ml_env/local/lib/python2.7/site-packages/sklearn/naive_bayes.py", line 66, in predict
    jll = self._joint_log_likelihood(X)
  File "/home/test/ml_env/local/lib/python2.7/site-packages/sklearn/naive_bayes.py", line 433, in _joint_log_likelihood
    n_ij -= 0.5 * np.sum(((X - self.theta_[i, :]) ** 2) /
ValueError: operands could not be broadcast together with shapes (101,169) (1156,)

9. Feature: 2-gram, method: svm

python dga_detect3.py -i ../data/www.txt -o ../data/2-gram-svm-result.cvs -f 2-gram -m svm

Traceback (most recent call last):
  File "dga_detect3.py", line 242, in <module>
    dga_test.predict(options.input, options.output)
  File "dga_detect3.py", line 215, in predict
    self.predict_Webnames(Webnames, filewriter)
  File "dga_detect3.py", line 177, in predict_Webnames
    y_pred = model.predict(x)
  File "/home/test/ml_env/local/lib/python2.7/site-packages/sklearn/svm/base.py", line 548, in predict
    y = super(BaseSVC, self).predict(X)
  File "/home/test/ml_env/local/lib/python2.7/site-packages/sklearn/svm/base.py", line 308, in predict
    X = self._validate_for_predict(X)
  File "/home/test/ml_env/local/lib/python2.7/site-packages/sklearn/svm/base.py", line 459, in _validate_for_predict
    (n_features, self.shape_fit_[1]))
ValueError: X.shape[1] = 169 should be equal to 1156, the number of features at training time

10. Feature: 2-gram, method: xgboost

python dga_detect3.py -i ../data/www.txt -o ../data/2-gram-xgboost-result.cvs -f 2-gram -m xgboost

Traceback (most recent call last):
  File "dga_detect3.py", line 242, in <module>
    dga_test.predict(options.input, options.output)
  File "dga_detect3.py", line 215, in predict
    self.predict_Webnames(Webnames, filewriter)
  File "dga_detect3.py", line 177, in predict_Webnames
    y_pred = model.predict(x)
  File "/home/test/ml_env/local/lib/python2.7/site-packages/xgboost/sklearn.py", line 526, in predict
    ntree_limit=ntree_limit)
  File "/home/test/ml_env/local/lib/python2.7/site-packages/xgboost/core.py", line 1044, in predict
    self._validate_features(data)
  File "/home/test/ml_env/local/lib/python2.7/site-packages/xgboost/core.py", line 1288, in _validate_features
    data.feature_names))
ValueError: feature_names mismatch
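The tracebacks in sections 7 to 9 report the same condition (169 feature columns at prediction time against 1156 at training time), and section 10 reports a feature-name mismatch. The page does not show the feature-extraction code, so the following added example, which is not the project's code, only illustrates one way such a width mismatch can arise (a 2-gram alphabet recomputed from the batch being scored) next to a fixed-alphabet featurizer with an explicit width check. All function names and sample domains are constructed for illustration.

```python
from itertools import product

def derived_alphabet(domains):
    """Alphabet taken from whatever characters appear in the given domains."""
    return sorted(set("".join(domains)))

def bigram_vector(domain, alphabet):
    """Count character 2-grams over an alphabet; width is len(alphabet) ** 2."""
    index = {a + b: i for i, (a, b) in enumerate(product(alphabet, repeat=2))}
    vec = [0] * len(index)
    for i in range(len(domain) - 1):
        pos = index.get(domain[i:i + 2])  # 2-grams outside the alphabet are skipped
        if pos is not None:
            vec[pos] += 1
    return vec

def check_width(vec, n_features_trained):
    """Fail early with a clear message instead of deep inside model.predict()."""
    if len(vec) != n_features_trained:
        raise ValueError("feature width %d != trained width %d"
                         % (len(vec), n_features_trained))
    return vec

# Constructed sample data, chosen so the widths match the tracebacks:
# 34 distinct characters in TRAIN (34 * 34 = 1156), 13 in BATCH (13 * 13 = 169).
TRAIN = ["abcdefghijklm.com", "nopqrstuvwxyz.net", "012345-x.org"]
BATCH = ["example.com", "mail.example.com", "web1.example.com"]

TRAIN_ALPHABET = derived_alphabet(TRAIN)  # must be saved together with the model
N_FEATURES = len(TRAIN_ALPHABET) ** 2

def featurize_refit(batch):
    """Failure mode: the alphabet is recomputed from the batch being scored."""
    alphabet = derived_alphabet(batch)
    return [bigram_vector(d, alphabet) for d in batch]

def featurize_fixed(batch):
    """Fix: reuse the training alphabet and verify the width before predicting."""
    return [check_width(bigram_vector(d, TRAIN_ALPHABET), N_FEATURES)
            for d in batch]

if __name__ == "__main__":
    print("refit width:", len(featurize_refit(BATCH)[0]))
    print("fixed width:", len(featurize_fixed(BATCH)[0]))
```
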

11. Feature: charseq, method: rnn

python dga_detect3.py -i ../data/www.txt -o ../data/charseq-xgboost-rnn.cvs -f charseq -m rnn

Result: error when freezing the model.
