Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

C&C domain name identification method based on domain name feature

An identification method and a technology of domain name characteristics, applied in the field of network security, can solve the problems of error-prone division of host domain name request sequences, low applicability and generalization of prediction models, and difficulty in realizing accurate identification of actual domain names, so as to overcome low applicability and Promote, save manpower and material resources, and enhance the effect of strong landing

Active Publication Date: 2015-11-18
CTRIP COMP TECH SHANGHAI
View PDF4 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Disadvantages: The C&C domain name generated by the DGA algorithm contains a single type of domain name, resulting in a single type of domain name contained in the training data set. Therefore, the prediction model generated by training in this way has low applicability and generalizability, and it is difficult to realize the category of the actual domain name. Accurate discrimination
[0008] Disadvantages: The thresholds taken for some features are subjective and arbitrary, not calculated by the model, and lack a certain degree of objectivity
[0011] Disadvantages: Two detection algorithms based on DNS invalidation, DGA domain name detection and invalid C&C domain name detection, are easily affected by IP (interconnection protocol between networks) spoofing and DNS spoofing
The division boundary of the DNS request sequence detected by invalid C&C is 0 points. This boundary is easy to mistakenly divide the host domain name request sequence, which affects the accuracy of periodic judgment

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • C&C domain name identification method based on domain name feature

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029] The present invention is further illustrated below by means of examples, but the present invention is not limited to the scope of the examples.

[0030] Such as figure 1 As shown, the C&C domain name identification method based on the domain name feature of the present invention comprises the following steps:

[0031] Step 101, based on the qualitative characteristics of distinguishable domain name categories, generate quantitative indicators for determining domain name categories for a given domain name; the generated quantitative indicators may include, for example, the proportion of vowels in domain names, the number of occurrences of pinyin in domain names, etc. ;

[0032] Step 102, randomly extract some domain names from the given domain names to enter the training data set, and enter the remaining domain names into the test data set, and apply the decision tree integration algorithm bagging algorithm to generate a domain name category judgment model based on the ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a C&C domain name identification method based on domain name features. The method comprises the following steps: S1, generating a quantitative index for judging domain name categories specific to given domain names based on the qualitative features of the domain names; S2, randomly extracting a part of domain names from the given domain names to be input into a training data set, inputting the rest domain names into a testing data set, and generating a domain name category judging model based on the training data set with a decision tree integration algorithm; S3, judging the domain name categories of the rest domain names in the testing data set with the generated domain name category judging model, comparing the domain name categories of the rest domain names in the testing data set with the practical categories of the rest domain names, and calculating the prediction performance index of the domain name category judging model; S4, correcting the domain name categories judged by the domain name category judging model; and S5, generating the statistics result of a single domain name based on the corrected domain name categories. Through adoption of the C&C domain name identification method, a C&C domain name can be found accurately, and the high landing property, feasibility and comprehensibility of the model are enhanced.

Description

technical field [0001] The invention relates to the field of network security, in particular to a C&C domain name identification method based on domain name features. Background technique [0002] The prior art on C&C domain name (a type of domain name) identification in this field is specifically as follows: [0003] 1. Topic: Using Machine Learning to Identify Randomly Generated C&C Domain Names [0004] Content: Take the C&C domain names generated by the DGA algorithm (domain name generation algorithm) and the top 100,000 legitimate domain names in the Alexa ranking (world ranking of websites) as positive and negative examples, and generate quantitative indicators that can effectively identify the two types of domain names. After generating the corresponding indicators, use the support vector machine model to judge the domain name category. [0005] Disadvantages: The C&C domain name generated by the DGA algorithm contains a single type of domain name, resulting in a si...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/12H04L29/06
CPCH04L63/1408H04L61/4511
Inventor 唐力岳扶天周海燕
Owner CTRIP COMP TECH SHANGHAI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com