
Method and device for abnormal domain name detection

A domain name detection technology applied in the field of network security. It addresses the tedious and inefficient detection of abnormal domain names, improving detection efficiency, achieving high accuracy, and saving computing resources.

Active Publication Date: 2019-09-24
神州网云(北京)信息技术有限公司

AI Technical Summary

Problems solved by technology

The traditional method of detecting abnormal domain names is relatively cumbersome. Each domain name needs to be captured and analyzed, and the efficiency of detecting abnormal domain names is relatively low.

Examples


example 1

[0060] Example 1: From the statistics of the domain name IP change feature data, the server finds that the IP of a domain name has changed four times within a month. The preset threshold for the number of domain name IP changes is three. The number of changes is greater than the preset threshold, so the domain name is determined to be an abnormal domain name.

example 2

[0061] Example 2: From the statistics of the domain name IP change feature data, the server finds that the IP of a certain domain name has changed four times within one month, and that the four changed IPs belong to four different countries or regions. The preset threshold for the number of domain name IP changes is three, and the preset threshold for the number of domain name IP attributions is three. Both kinds of IP change feature data for the domain name are greater than their corresponding thresholds, so the domain name is determined to be an abnormal domain name. In this example, if the four changed IPs instead belong to two different countries or regions, one of the two kinds of domain name IP change feature data is greater than its corresponding threshold, and the domain name can also be determined to be an abnormal domain name.

[0062] During specific implementation, multiple kinds of domain name IP change feature data can be judged in turn, if an...

example 3

[0066] Example 3: From the statistics of the domain name IP change feature data, the server sorts the domain name IP change feature data from largest to smallest and finds that a certain domain name ranks second by number of domain name IP changes within a month. If the specified range of top-ranked domain names determined to be abnormal is the top five, including the fifth, then the domain name's IP change feature data falls within the specified top-ranked range, so the domain name is determined to be an abnormal domain name.

[0067] If there are multiple types of domain name IP change feature data corresponding to the domain name, the judgment process is similar to that in Example 2.

[0068] The above two methods can judge whether the domain name is an abnormal domain name only by the numerical value and sorting of the domain name IP change feature data, avoiding packet capture and analysis of all data, and can improve...
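The threshold judgement of Examples 1 and 2 and the ranking judgement of Example 3, as an added Python example that is not taken from the patent. The record layout, domain names, country labels and function names are assumptions; the records are constructed and assumed to cover a single one-month window.

```python
from collections import defaultdict

# Constructed sample: (day, domain, resolved IP, country label of that IP).
# In practice the country would come from a GeoIP lookup (assumption).
RECORDS = [
    (1, "flux.example", "192.0.2.10", "AA"),
    (5, "flux.example", "198.51.100.7", "BB"),
    (9, "flux.example", "203.0.113.5", "CC"),
    (14, "flux.example", "203.0.113.77", "DD"),
    (20, "flux.example", "192.0.2.99", "AA"),
    (1, "stable.example", "192.0.2.20", "AA"),
    (15, "stable.example", "192.0.2.20", "AA"),
    (2, "moved.example", "192.0.2.30", "AA"),
    (18, "moved.example", "198.51.100.30", "AA"),
]

# Preset thresholds from Examples 1 and 2: three changes, three attributions.
THRESHOLDS = {"ip_changes": 3, "countries": 3}

def change_features(records):
    """Per domain: number of IP changes and number of distinct IP countries."""
    by_domain = defaultdict(list)
    for _day, domain, ip, country in sorted(records):  # chronological order
        by_domain[domain].append((ip, country))
    feats = {}
    for domain, obs in by_domain.items():
        # A change is counted whenever the resolved IP differs from the previous one.
        changes = sum(1 for prev, cur in zip(obs, obs[1:]) if prev[0] != cur[0])
        feats[domain] = {"ip_changes": changes,
                         "countries": len({c for _, c in obs})}
    return feats

def abnormal_by_threshold(feats, thresholds=THRESHOLDS):
    """Flag a domain when any feature is strictly greater than its threshold."""
    return {d for d, f in feats.items()
            if any(f[k] > t for k, t in thresholds.items())}

def abnormal_by_rank(feats, key="ip_changes", top_n=5):
    """Sort from largest to smallest and flag the top_n domains (inclusive)."""
    ranked = sorted(feats, key=lambda d: feats[d][key], reverse=True)
    return ranked[:top_n]

if __name__ == "__main__":
    feats = change_features(RECORDS)
    print(feats)
    print("threshold:", abnormal_by_threshold(feats))
    print("rank (top 1):", abnormal_by_rank(feats, top_n=1))
```

The ranking judgement is relative: with fewer domains than `top_n` it flags every domain, including ones whose IP never changed, so it only makes sense over a large population of domains.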


Abstract

The present invention belongs to the technical field of network security and provides a method and device for detecting abnormal domain names. To detect abnormal domain names, domain name system resolution data is first obtained; the domain name IP change feature data of each domain name is then computed from that resolution data; finally, each corresponding domain name is judged to be abnormal or not according to whether its domain name IP change feature data meets the preset abnormal domain name determination conditions. The present invention only needs to check whether the domain name IP change feature data meets the preset abnormal domain name determination conditions to determine whether the corresponding domain name is an abnormal domain name. Compared with the existing packet capture detection method, it avoids analyzing all of the traffic data for the domain name, so computing resources are effectively saved and the detection efficiency for abnormal domain names is improved. At the same time, the detection of abnormal domain names in the present invention has a relatively high accuracy rate.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for detecting abnormal domain names.

Background technique

[0002] With the development of network technology, the domain name resolution system is widely used, and the network security problems caused by the domain name resolution system are also increasing, such as malicious attacks against the domain name system, domain name hijacking, and tampering with domain name information. Botnets are a very serious network security problem. A botnet adopts the technology of rapidly changing domain name resolution, so that the domain name accessed by the botnet corresponds to different proxy hosts. It is difficult to find the botnet parent, but the domain name is a very important link between the bot and the control server. You can find the corresponding domain name, prevent its attack behavior, and finally contain the development of botnets by blocking domain nam...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L61/30, H04L63/14, H04L61/4511
Inventor: 宋超, 杨洪国
Owner: 神州网云(北京)信息技术有限公司