Malicious domain name determination method based on frequency characteristics

A judgment method and domain name technology, applied in the field of network information security, to achieve the effect of enhancing adaptability, reducing accidental and false positives

Inactive Publication Date: 2017-02-22
绵阳灵先创科技有限公司
View PDF5 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, these techniques for detecting attack events based on malicious domain names have certain limitations, so this scheme proposes an evaluation system based on fu...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious domain name determination method based on frequency characteristics
  • Malicious domain name determination method based on frequency characteristics
  • Malicious domain name determination method based on frequency characteristics

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0016] The present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0017] In the domain name risk level evaluation system of the malicious domain name determination method of the present invention, we comprehensively evaluate the risk level of the domain name from two aspects respectively, and its structure is as follows figure 1 shown.

[0018] The first stage, high-frequency analysis and domain name analysis. Divide the time period and periodically count the top 10 commonly used domain names of each host. According to statistical laws and the rules of each host’s Internet access, periodically count the top 10 commonly used domain names of each host. Generally, the list of Top 10 will basically not change. The Internet access is stable. If the list of Top 10 has changed greatly, it is considered that the "behavior" of the host during this period is abnormal compared with usual, which is likely to be attack...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a malicious domain name determination method based on frequency characteristics in the field of network information security. The invention is characterized by putting forward a method for detecting network attacks by fusing a multi-dimensional frequency characteristic evaluation system, synthesizing high-frequency domain name resolution and search engine collection analysis and evaluating the risk levels of malicious domain names. The existing method for judging a domain name as a malicious domain name based on a single condition has high false alarm rate, which needs to be urgently solved. The method adopts the multi-dimensional frequency characteristic evaluation system for allocating different weights for different level determination conditions, performing overall evaluation on a domain name according to the weight of each condition to obtain a risk level percentage that the domain name is a malicious domain name, and then determining whether the domain name is a malicious domain name.

Description

technical field [0001] The invention belongs to the field of network information security, relates to a method for judging a malicious domain name, in particular to a method for judging a malicious domain name based on frequency characteristics. Background technique [0002] In recent years, network attacks are common, and network information security is of paramount importance. Cyber ​​attackers use various methods to enter the target host and steal user information. After the attacker enters the target host, he usually uses a malicious domain name to connect back to the control server. This behavioral pattern is one of the most important discovery and detection opportunities attackers give defenders. We can determine whether the host has been attacked based on frequency feature detection of malicious domain names (malicious domain names: including C&C domain names, botnet domain names, RAT domain names, etc.). [0003] Among the existing technologies for detecting netwo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/1416H04L63/1441H04L61/4511
Inventor 不公告发明人
Owner 绵阳灵先创科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap