A malicious domain name identification method and device

The technology concerns malicious domain names and is applied in transmission systems, electrical components, etc. It addresses problems such as low accuracy, inability to respond to malicious domain names in time, and large lag.

Active Publication Date: 2019-06-14
BEIJINGNETENTSEC

AI Technical Summary

Problems solved by technology

[0004] However, blocking through a malicious domain name database lags considerably, so new malicious domain names cannot be responded to in time.
The data mining and cloud analysis methods, for their part, suffer from high overhead and low accuracy.

Examples


Embodiment 1

[0042] Figure 1 is a schematic flow diagram of a malicious domain name identification method according to an embodiment of the present invention. The method may be executed by a server, such as a Domain Name System (DNS) server or an Intrusion Prevention System (IPS) server, and the server may be a virtual machine.

[0043] As shown in Figure 1, the malicious domain name identification method includes:

[0044] Step 101: record the correspondence between the domain name requested for access or resolution and its IP address;

[0045] Specifically, the DNS server resolves the domain name requested for access or resolution, obtains the IP address corresponding to the domain name, and records the correspondence between the domain name and the IP address.

[0046] Wherein, recording the corresponding relationship between the domain name and the IP address may be to establish a domain name ...

Embodiment 2

[0067] Figure 2 is a schematic diagram of a malicious domain name identification device in Embodiment 2 of the present invention. As shown in Figure 2, the device includes a recording module 21, a determination module 22 and an identification module 23, wherein:

[0068] The recording module 21 is used to record the correspondence between the domain name requested for access or resolution and its IP address;

[0069] The determination module 22 is configured to determine the malicious IP address, determine the malicious domain name corresponding to the malicious IP address according to the correspondence between the domain name and the IP address, and add the malicious domain name to the malicious domain name database;

[0070] The identification module 23 is configured to identify the domain name requested for access or resolution according to the malicious domain name database.

[0071] In order to explain more clearly, each module w...

Embodiment 3

[0096] Based on the malicious domain name identification device of the second embodiment, in practical application, a malicious domain name identification system can be provided.

[0097] Figure 3 is a schematic diagram of the malicious domain name identification system in Embodiment 3 of the present invention. As shown in Figure 3, the malicious domain name identification system includes a DNS server 31, an IPS server 32, a cloud client 33 and a cloud server 34, wherein:

[0098] The DNS server 31 is used for identifying the domain name requested for access or resolution; if the domain name is in the whitelist, it is ignored directly and allowed to enter the IPS server 32;

[0099] If the domain name is in the malicious domain name database, corresponding processing is carried out, such as prohibiting entry;

[0100] If the domain name is neither in the white list nor in the malicious domain name database, it is analyzed, and the correspondin...
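The recording, determination and identification steps of Embodiments 1 to 3 can be sketched as follows. This is an added example, not code from the patent: the class and method names are hypothetical, the malicious IP verdict is assumed to arrive from outside (for example from the IPS), and skipping whitelisted names during the pivot and flagging new names on an already-flagged IP are assumptions.

```python
from collections import defaultdict


class DomainIdentifier:
    """Recording, determination and identification in one class (hypothetical names)."""

    def __init__(self, whitelist=()):
        self.whitelist = {self._norm(d) for d in whitelist}
        self.ip_to_domains = defaultdict(set)  # recorded correspondence, indexed by IP
        self.malicious_ips = set()
        self.malicious_domains = set()         # the malicious domain name database

    @staticmethod
    def _norm(domain):
        # DNS names are case-insensitive and may carry a trailing root dot.
        return domain.strip().rstrip(".").lower()

    def record(self, domain, ips):
        """Step 101: record the domain -> IP correspondence of a resolved request."""
        domain = self._norm(domain)
        for ip in ips:
            self.ip_to_domains[ip].add(domain)
            # Assumption: a new name on an already-flagged IP is added immediately.
            if ip in self.malicious_ips and domain not in self.whitelist:
                self.malicious_domains.add(domain)

    def flag_ip(self, ip):
        """Determination: pivot from a malicious IP to the domains recorded on it."""
        self.malicious_ips.add(ip)
        seen = self.ip_to_domains.get(ip, set())
        # Assumption: whitelisted names sharing the IP (CDN, shared hosting) are skipped.
        added = seen - self.whitelist - self.malicious_domains
        self.malicious_domains |= added
        return added

    def identify(self, domain):
        """Identification, in the order Embodiment 3 gives: whitelist, database, else analyze."""
        domain = self._norm(domain)
        if domain in self.whitelist:
            return "allow"
        if domain in self.malicious_domains:
            return "block"
        return "analyze"


def demo():
    # Constructed resolution log: reserved example names, documentation-range IPs.
    ident = DomainIdentifier(whitelist=["cdn.example.com"])
    ident.record("Login-Update.example.", ["192.0.2.10"])
    ident.record("cdn.example.com", ["192.0.2.10"])     # shares the IP
    ident.record("news.example.org", ["198.51.100.7"])
    added = ident.flag_ip("192.0.2.10")                 # external verdict (assumed)
    ident.record("fresh-name.example", ["192.0.2.10"])  # first seen after the flag
    names = ("login-update.example", "cdn.example.com",
             "news.example.org", "fresh-name.example")
    return added, [ident.identify(n) for n in names]
```

Without the whitelist, the pivot would add every name recorded on a shared IP to the database, so the whitelist check is what keeps one malicious tenant from blocking its neighbours.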


Abstract

The invention discloses a malicious domain name identification method and device, which record the correspondence between the domain name requested for access or resolution and its IP address; determine the malicious IP address and, according to the correspondence between the domain name and the IP address, determine that the domain name corresponding to the malicious IP address is a malicious domain name, and record the determined malicious domain name; and identify the domain name requested for access or resolution according to the recorded malicious domain names.

Description

Technical field

[0001] The invention relates to network attack defense technology, in particular to a malicious domain name identification method and device.

Background technique

[0002] Malicious domain names are a relatively popular method of network attack. They are often used in attack scenarios such as counterfeiting other standard websites, helping viruses and Trojans spread faster, stealing sensitive user information, and obtaining hacker attack instructions.

[0003] Existing defense technologies generally block based on malicious domain name databases. Malicious domain name databases generally come from attack collection and reverse cracking of malicious Trojan horse programs, and some specialized security organizations regularly update them. Another defense method is based on data mining and cloud analysis: a large number of domain name requests are collected, uploaded locally or to the cloud, and analyzed and mined based on behavioral character...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1416, H04L61/4511
Inventor: 陈鑫
Owner: BEIJINGNETENTSEC