Method and device for detecting algorithm generation domain name

A domain name and algorithm technology, which is applied in the field of detection of algorithm-generated domain names, can solve problems such as the inability to quickly detect algorithm-generated domain names, and achieve the effect of fast detection

Active Publication Date: 2018-03-06
ZTE CORP +1
View PDF5 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The present invention provides a method and device for detecting algorithm-generated domain names to solve the problem that the prior art cannot quickly detect algorithm-generated domain names

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting algorithm generation domain name
  • Method and device for detecting algorithm generation domain name
  • Method and device for detecting algorithm generation domain name

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0050] Since attackers need to generate a large number of domain names while avoiding conflicts between their C&C domain names and normal domain names, the character characteristics of the domain names generated by these algorithms will be very different from normal domain names and have strong randomness. Therefore, this The invention provides a method and device for detecting algorithm-generated domain names, modeling the character conversion probability, and describing the difference in character distribution between algorithm-generated domain names and normal domain names, so that it can respond quickly to algorithm-generated domain names and be able to cope with environmental problems. Only a single ip exists. The present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the prese...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and device for detecting an algorithm generation domain name, and the method comprises the steps: generating an algorithm through a probability model; building a random model and a normal model through an algorithm generation domain name set and a normal domain name set, and detecting the algorithm generation domain name through the above models, thereby achievingthe quick detection of the algorithm generation domain name, and effectively solving a problem that the quick detection of the algorithm generation domain name cannot be achieved in the prior art.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a method and device for detecting domain names generated by algorithms. Background technique [0002] Compared with uncontrolled malware such as worms and viruses in the early days, most current attackers control their malware through a command and control (C&C) channel to implement more targeted attacks. At the same time, due to the convenience brought by the Domain Name System (DNS), using DNS to locate the C&C server has become a mainstream method. [0003] In order to evade detection, attackers will use Domain Generation Algorithm (DGA) to generate a large number of random domain names at regular intervals for access. These domain names are also called algorithm-generated domain names to determine the real C&C domain names. Taking the well-known botnet conficker as an example, it generates 250 domain names per hour and randomly selects 32 of them for connection attemp...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/1441H04L63/1483H04L61/4511H04L65/40
Inventor 孙默罗熙王利明杨婧
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap