
Machine learning-based domain generation algorithm (DGA) domain name rapid determining method and device

A machine learning-based domain name technique, applied in the field of network security, that addresses problems such as poor generalization performance, low accuracy, and reliance on a single feature, with the effect of improving judgment accuracy, accelerating training and testing, and improving computing efficiency.

Inactive Publication Date: 2018-02-09
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] The traditional method relies mainly on the experience of white hats for detection. It consumes a lot of manpower and can hardly keep up with today's huge task volume.
Another type of method is based on feature construction: starting from a similarity measurement, it obtains a threshold by calculating over sample pairs and uses that threshold to decide whether the domain name under test is a DGA domain name. It uses a relatively simple similarity measurement and considers a single feature, so its generalization performance is relatively poor and its accuracy is not high.



Examples


Example 1

[0030] Referring to Figure 2, the present embodiment provides a machine learning-based DGA domain name rapid discrimination method, applied to a machine learning-based DGA domain name rapid discrimination device, the method comprising:

[0031] Step S200: Construct a training set comprising multiple DGA domain names and normal domain names;

[0032] In this embodiment, a DGA domain name may also be called a positive example; positive examples may include DGA domain names generated by common DGA algorithms and malicious domain names obtained through open source channels. A normal domain name may also be called a negative example; negative examples may include currently recognized harmless normal domain names, such as multiple top-ranked domain names on the Alexa website.

[0033] For example, the domain name "www.google.com", which is a normal domain name.

[0034] Step S210: extracting domain name features of each domain name in the training set;

[0035] In this embodiment, before extra...

Example 2

[0126] Referring to Figure 10, the present embodiment provides a machine learning-based DGA domain name fast identification device 600, which includes:

[0127] A training set construction module 610, configured to construct a training set comprising multiple DGA domain names and normal domain names;

[0128] A feature extraction module 620, configured to extract domain name features of each domain name in the training set;

[0129] A normalization module 630, configured to normalize the features of the domain name to obtain a set of feature data;

[0130] A model building module 640, configured to build a domain name classifier model based on the feature data set.

[0131] To sum up, the machine learning-based DGA domain name fast discrimination method and device provided by the embodiment of the present invention firstly constructs a training set containing multiple DGA domain names and normal domain names to provide sufficient samples for subsequent establishment of ...
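The four stages of modules 610 to 640 (training set, feature extraction, normalization, classifier), sketched end to end as an added example; it is not the patent's implementation. The page does not name the features or the learning algorithm, so the feature set (length, Shannon entropy, digit ratio, vowel ratio), min-max scaling and the nearest-centroid classifier are assumptions, and every domain below is constructed.

```python
import math
from collections import Counter

# Constructed samples, not real indicators: label 1 = DGA-like, 0 = normal.
TRAIN = [("www.google.com", 0), ("wikipedia.org", 0), ("amazon.com", 0),
         ("github.com", 0), ("xkq7vz2pldw9tm4b.com", 1), ("qzj4hxw8rk2v.net", 1),
         ("b9wq3ztx6kvj1p.info", 1), ("mvx2kq8zr4jtw7pl.com", 1)]

def features(domain):
    """Assumed feature set: length, Shannon entropy, digit ratio, vowel ratio."""
    labels = domain.lower().rstrip(".").split(".")
    # Naive choice: the label left of the TLD (ignores suffixes such as co.uk).
    name = labels[-2] if len(labels) > 1 else labels[0]
    n = len(name) or 1  # guard against an empty label
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(name).values())
    digits = sum(ch.isdigit() for ch in name) / n
    vowels = sum(ch in "aeiou" for ch in name) / n
    return [float(len(name)), entropy, digits, vowels]

def fit_scaler(rows):
    """Per-feature (min, max), learned from the training set only."""
    return [(min(col), max(col)) for col in zip(*rows)]

def scale(row, scaler):
    """Min-max normalization; a constant feature maps to 0."""
    return [(v - lo) / (hi - lo) if hi > lo else 0.0
            for v, (lo, hi) in zip(row, scaler)]

def train(samples):
    raw = [features(d) for d, _ in samples]
    scaler = fit_scaler(raw)
    centroids = {}
    for y in (0, 1):
        rows = [scale(r, scaler) for r, (_, lab) in zip(raw, samples) if lab == y]
        centroids[y] = [sum(col) / len(rows) for col in zip(*rows)]
    return scaler, centroids

def classify(domain, model):
    """Return 1 (DGA-like) or 0 (normal) by distance to the class centroids."""
    scaler, centroids = model
    x = scale(features(domain), scaler)  # reuse the training-time scaler
    dist = {y: math.dist(x, c) for y, c in centroids.items()}
    return min(dist, key=dist.get)

MODEL = train(TRAIN)
```

The scaler is fitted once on the training set and reused at classification time; refitting it on the domains being tested would shift the feature ranges the classifier was built on.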


Abstract

The invention provides a machine learning-based domain generation algorithm (DGA) domain name rapid determining method and device, relating to the technical field of network security. The machine learning-based DGA domain name rapid determining method comprises the steps of building a training set comprising multiple DGA domain names and normal domain names; extracting a domain name characteristic of each domain name in the training set; normalizing the domain name characteristics so as to obtain a characteristic data set; and building a domain name classifier model according to the characteristic data set. According to the method and device, richer, more representative domain name characteristics are extracted by studying the domain names; the characteristic data is normalized so as to speed up training and testing and improve calculation efficiency; and finally, the characteristic data set is trained by using a machine learning algorithm so as to obtain the domain name classifier model, so that determining accuracy is improved and, further, generalization capability is improved.

Description

Technical field

[0001] The present invention relates to the technical field of network security, in particular to a method and device for quickly identifying DGA domain names based on machine learning.

Background

[0002] A DGA domain name is one of a series of random domain names generated by a Domain Generation Algorithm. This method is common in botnets such as Conficker and Zeus: they use a private random string generation algorithm to generate random-string domain names every day from the date or other random seeds, and then register some of those domain names to commit fraud, spread malware, distribute pornographic content and carry out other illegal activities.

[0003] As technologies such as Domain-Flux and Fast-Flux are more and more widely used by hackers, cyber attacks using DGA domain names are more concealed and difficult to track. As long as the infected machines in the botnet try to generate these random domain names according t...


Application Information

IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1416, H04L63/1441, H04L61/4511
Inventor: 莫凡, 范渊, 刘博
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD