C&C domain name identification method based on domain name feature

Abstract

The invention discloses a C&C domain name identification method based on domain name features. The method comprises the following steps: S1, generating a quantitative index for judging domain name categories specific to given domain names based on the qualitative features of the domain names; S2, randomly extracting a part of domain names from the given domain names to be input into a training data set, inputting the rest domain names into a testing data set, and generating a domain name category judging model based on the training data set with a decision tree integration algorithm; S3, judging the domain name categories of the rest domain names in the testing data set with the generated domain name category judging model, comparing the domain name categories of the rest domain names in the testing data set with the practical categories of the rest domain names, and calculating the prediction performance index of the domain name category judging model; S4, correcting the domain name categories judged by the domain name category judging model; and S5, generating the statistics result of a single domain name based on the corrected domain name categories. Through adoption of the C&C domain name identification method, a C&C domain name can be found accurately, and the high landing property, feasibility and comprehensibility of the model are enhanced.

Description

technical field [0001] The invention relates to the field of network security, in particular to a C&C domain name identification method based on domain name features. Background technique [0002] The prior art on C&C domain name (a type of domain name) identification in this field is specifically as follows: [0003] 1. Topic: Using Machine Learning to Identify Randomly Generated C&C Domain Names [0004] Content: Take the C&C domain names generated by the DGA algorithm (domain name generation algorithm) and the top 100,000 legitimate domain names in the Alexa ranking (world ranking of websites) as positive and negative examples, and generate quantitative indicators that can effectively identify the two types of domain names. After generating the corresponding indicators, use the support vector machine model to judge the domain name category. [0005] Disadvantages: The C&C domain name generated by the DGA algorithm contains a single type of domain name, resulting in a si...

AI Technical Summary

Problems solved by technology

[0005] Disadvantages: The C&C domain name generated by the DGA algorithm contains a single type of domain name, resulting in a single type of domain name contained in the training data set. Therefore, the prediction model generated by training in this way has low applicability and generalizability, and it is difficult to realize the category of the actual domain name. Accurate discrimination

[0008] Disadvantages: The thresholds taken for some features are subjective and arbitrary, not calculated b

Images