C&C domain name identification method based on domain name feature

An identification method and a technology of domain name characteristics, applied in the field of network security, can solve the problems of error-prone division of host domain name request sequences, low applicability and generalization of prediction models, and difficulty in realizing accurate identification of actual domain names, so as to overcome low applicability and Promote, save manpower and material resources, and enhance the effect of strong landing
CN105072214AActive Publication Date: 2015-11-18CTRIP COMP TECH SHANGHAI
4 Cites 17 Cited by

Patent Information

Authority / Receiving Office
CN · China
Current Assignee / Owner
CTRIP COMP TECH SHANGHAI
Publication Date
2015-11-18

Smart Images

  • Figure 1
    Figure 1
Patent Text Reader

Abstract

The invention discloses a C&C domain name identification method based on domain name features. The method comprises the following steps: S1, generating a quantitative index for judging domain name categories specific to given domain names based on the qualitative features of the domain names; S2, randomly extracting a part of domain names from the given domain names to be input into a training data set, inputting the rest domain names into a testing data set, and generating a domain name category judging model based on the training data set with a decision tree integration algorithm; S3, judging the domain name categories of the rest domain names in the testing data set with the generated domain name category judging model, comparing the domain name categories of the rest domain names in the testing data set with the practical categories of the rest domain names, and calculating the prediction performance index of the domain name category judging model; S4, correcting the domain name categories judged by the domain name category judging model; and S5, generating the statistics result of a single domain name based on the corrected domain name categories. Through adoption of the C&C domain name identification method, a C&C domain name can be found accurately, and the high landing property, feasibility and comprehensibility of the model are enhanced.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to the field of network security, in particular to a C&C domain name identification method based on domain name features. Background technique

[0002] The prior art on C&C domain name (a type of domain name) identification in this field is specifically as follows:

[0003] 1. Topic: Using Machine Learning to Identify Randomly Generated C&C Domain Names

[0004] Content: Take the C&C domain names generated by the DGA algorithm (domain name generation algorithm) and the top 100,000 legitimate domain names in the Alexa ranking (world ranking of websites) as positive and negative examples, and generate quantitative indicators that can effectively identify the two types of domain names. After generating the corresponding indicators, use the support vector machine model to judge the domain name category.

[0005] Disadvantages: The C&C domain name generated by the DGA algorithm contains a single type of domain name, resulting in a si...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More