Method and device for realizing malicious domain name identification

A domain name and malicious technology, applied in the field of information security, can solve problems such as unsatisfactory accuracy and recall rate, difficult physical location location of C&C server, and inability to identify malicious domain names

Active Publication Date: 2015-11-04
BEIJING VENUS INFORMATION SECURITY TECH +1
View PDF3 Cites 58 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this method has the problem of unsatisfactory precision and recall.
The malicious domain name identification method with dynamic features is generally based on the original data through active detection of DNS records. Although the identification effect is good, it cannot respond in real time, and the application conditions are harsh.
[0008] DNS technology has become a protective ba

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for realizing malicious domain name identification
  • Method and device for realizing malicious domain name identification
  • Method and device for realizing malicious domain name identification

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0078] figure 1 A flow chart of the method for realizing malicious domain name identification in the present invention, such as figure 1 shown, including:

[0079] Step 100 , extracting a dynamic feature set of a domain name system (DNS) domain name, and performing a high-credibility judgment of a malicious domain name with dynamic features on the dynamic feature set through a credible judgment model of a malicious domain name with dynamic features.

[0080] Here, the dynamic feature set at least includes: features related to IP, and / or the consistency rate of the primary domain name of the authoritative DNS server.

[0081] It should be noted that the high-confidence judgment of the malicious domain name is judged by the SVM of the prior art,

[0082] For a domain name, its feature is a vector (or array), such as [1:0.1,2:0.4,3:0.1,…,8:0.9], which is used as the input of the support vector machine (SVM), and its output [MaliProbability:0.3,NormProbability:0.7], at this tim...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and a device for realizing malicious domain name identification. The method comprises the following steps: extracting a dynamic characteristic set of a domain name system (DNS) domain name, and making malicious domain name high credibility judgment on the dynamic characteristics of the dynamic characteristic set through a malicious domain name credibility judgment model of the dynamic characteristics; and determining whether the DNS domain name is a malicious domain name according to the malicious domain name high credibility judgment result of the dynamic characteristic set, and storing the result about whether the DNS domain name is a malicious domain name in a corresponding black or white list, wherein the dynamic characteristic set at least includes IP-related characteristics and/or authoritative DNS server main domain name consistence rate. By adopting the technical scheme, a malicious domain name can be determined according to the dynamic characteristic set, and the efficiency of malicious domain name identification is improved through static characteristic high credibility judgment and dynamic characteristic high credibility judgment.

Description

technical field [0001] The invention relates to the field of information security, in particular to a method and device for realizing identification of malicious domain names. Background technique [0002] Domain Name System (DNS) and its supporting technologies, DNS has become an indispensable technology for the Internet, and it is the Internet entrance for most users and application systems. It has the function of decoupling IP and domain names and can be configured flexibly. In recent years, With the gradual popularization of technologies such as Round-robin DNS and Content Distribution Network (CDN, Content Distribution Network), DNS technology has been widely used in load balancing and high-reliability network architecture design. [0003] But what follows is that the application of DNS technology has also attracted the attention of hackers, and DNS technology has become a protective barrier for hackers. Because the cost of this barrier is very low and the effect is go...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L29/12
Inventor 侯伟曲武周涛
Owner BEIJING VENUS INFORMATION SECURITY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap