Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Suspicious domain name detection method and device

A domain name detection and domain name technology, applied in the field of network security, can solve the problems of misclassification of normal domain names, difficulty in finding normal domain name samples and abnormal domain name sample sets, and inability to accurately identify abnormal domain names, etc.

Active Publication Date: 2018-02-06
CHINA UNITED NETWORK COMM GRP CO LTD
View PDF5 Cites 29 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Based on the above content, the inventors of the present application have found that when using the existing rules for normal domain names and abnormal domain names in the prior art to identify domain names, it is often difficult to find comprehensive and accurate samples of normal domain names and abnormal domain names. Collection training, that is, there may be undiscovered malicious domain name samples in the normal sample domain name, resulting in wrong classification in the normal domain name and malicious domain name collection samples, resulting in the inability to accurately identify abnormal domain names

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Suspicious domain name detection method and device
  • Suspicious domain name detection method and device
  • Suspicious domain name detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] Embodiments of the present application are described below in conjunction with the accompanying drawings.

[0022] The embodiments of the present application are applied in the scenario of detecting the IP address corresponding to the suspicious domain name.

[0023] First of all, the description of the technical data used in the embodiments of this application is as follows:

[0024] At present, in botnets and malicious software, in order to keep the communication between the controlled terminal program and the control terminal site in sync, the domain name conversion technology based on the DGA algorithm is widely used. Specifically, the controlled end and the botnet control end adopt the same domain name generation strategy, constantly register and use new domain names (for example, change and use new domain names every day) to evade detection, and the controller preempts these maliciously generated domain names in advance.

[0025] These domain names based on domai...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A suspicious domain name detection method and a device relate to the network safety field; the embodiment of the application can utilize a zombie Trojan system detection log and a DNS log to detect the IP address of a suspicious domain name; the method comprises the following steps: obtaining the IP address of an active zombie Trojan control end according to the zombie Trojan system detection log;obtaining a corresponding relation between the IP address and the domain name in a detection period according to the DNS log; obtaining an IP address with a corresponding domain name number bigger than a second threshold; extracting a key domain name string of each domain name corresponding to the IP address, calculating the appearance frequency of the character in a preset scope, wherein the preset scope comprises key domain name strings of all domain names corresponding to the IP address; using a cluster algorithm to cluster the IP addresses; determining a suspicious point cluster accordingto the number of active zombie Trojan points contained by each point cluster; determining the IP address included by the suspicious point cluster as the IP address corresponding to the suspicious domain name. The method and device are used for detecting suspicious domain names.

Description

technical field [0001] The present application relates to the field of network security, in particular to a suspicious domain name detection method and device. Background technique [0002] With the development of social informatization, the Internet has penetrated into all aspects of social life. Subsequently, problems such as botnets and malicious software in the network pose a great threat to network security. At the same time, controllers of security threats such as botnets and malware often use DGA (Domain generate algorithm, domain name generation algorithm) to generate multiple domain names, and then evade the defender's monitoring and security by constantly changing their domain names and IP addresses for domain name resolution. Blocking, which makes network security defense more difficult. [0003] Currently, classification-based algorithms are mainly used in the prior art, and domain name classification rules are obtained by using known normal domain name sample ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/1425H04L63/145H04L2463/144H04L61/4511
Inventor 朱安南姜楠马铮
Owner CHINA UNITED NETWORK COMM GRP CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com