
A detection method and device for a DGA domain name

A technique for domain names and detection results, applied in the field of network security, that addresses problems such as inaccurate detection results and time-consuming, labor-intensive work, and achieves accurate detection.

Active Publication Date: 2021-08-03
BEIJING QIANXIN TECH

AI Technical Summary

Problems solved by technology

Prior-art methods also use machine learning to construct a classifier that detects DGA domain names, but this type of method has two main shortcomings: first, training data must be collected in advance, which is time-consuming and labor-intensive; second, DGA types that are not in the training set will not be detected, that is, the detection result is inaccurate.


Examples


Embodiment Construction

[0032] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below in conjunction with the drawings in the embodiments of the present invention. The described embodiments are some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

[0033] For a better understanding of the embodiments of the present invention, the behavior pattern of DGAs is described as follows:

[0034] A DGA domain name is a domain name generated using a predetermined algorithm. Usually, malicious code generates a batch of DGA domain names on a regular basis (e.g., every day), and pre-registers a small part of them....


Abstract

An embodiment of the present invention provides a method and device for detecting a DGA domain name. The method includes: clustering domain names to obtain several domain name sets, each containing domain names with similar characteristics; performing domain name generation algorithm (DGA) detection on the domain names in the domain name sets; and, if the detection result is that a DGA domain name exists, determining that the sender of the domain name request corresponding to the DGA domain name is a terminal implanted with malicious code. The device performs the method described above. The DGA domain name detection method and device provided by the embodiments of the present invention can detect DGA domain names efficiently and accurately, and thereby determine whether the sender of the domain name request corresponding to a DGA domain name is a terminal implanted with malicious code.
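The cluster, detect and attribute flow in the abstract can be sketched as follows. This is an added example, not the patent's own implementation. The per-client grouping, the structural signature, the NXDOMAIN-ratio test (motivated by [0034], where only a small part of each batch is registered), the thresholds and the sample log are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample DNS log (not real traffic): (client_ip, queried_name, rcode).
SAMPLE_LOG = [
    ("10.0.0.5", "xeogrhxquuubt.com", "NXDOMAIN"),  # name quoted on the page
    ("10.0.0.5", "qwpvnrtkdhsly.com", "NXDOMAIN"),
    ("10.0.0.5", "bmzkfjtwqpxd.com", "NXDOMAIN"),
    ("10.0.0.5", "ljvqhcyrnwkeo.com", "NOERROR"),   # the one "pre-registered" name
    ("10.0.0.5", "tgdpxwmzrkbfa.com", "NXDOMAIN"),
    ("10.0.0.5", "hnvcqjzsylwup.com", "NXDOMAIN"),
    ("10.0.0.5", "www.example.com", "NOERROR"),
    ("10.0.0.8", "www.example.com", "NOERROR"),
    ("10.0.0.8", "mail.example.org", "NOERROR"),
    ("10.0.0.8", "exmaple.com", "NXDOMAIN"),        # a single typo, not a batch
]

MIN_NAMES = 5        # assumed: distinct names needed for a cluster to count as a batch
MIN_NX_RATIO = 0.8   # assumed: share of names in the cluster that fail to resolve


def signature(name):
    """Coarse 'similar characteristics' key: TLD, length band and charset of the
    second-level label. An assumed stand-in for the patent's clustering features;
    it does not consult a public-suffix list."""
    labels = name.lower().rstrip(".").split(".")
    sld, tld = labels[-2], labels[-1]
    return (tld, len(sld) // 5, sld.isalpha())


def detect(log):
    """Return {client_ip: sorted suspected DGA names} for clusters that look like
    a generated batch: many distinct similar names, most of them unregistered."""
    clusters = defaultdict(dict)            # (client, signature) -> {name: rcode}
    for client, name, rcode in log:
        if name.count(".") >= 1:            # skip single-label names
            clusters[(client, signature(name))][name] = rcode
    flagged = defaultdict(list)
    for (client, _sig), names in clusters.items():
        nx = sum(1 for rc in names.values() if rc == "NXDOMAIN")
        if len(names) >= MIN_NAMES and nx / len(names) >= MIN_NX_RATIO:
            flagged[client].extend(names)
    return {client: sorted(names) for client, names in flagged.items()}


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

On the sample log only 10.0.0.5 is reported; the single mistyped name from 10.0.0.8 never forms a batch, so it is not flagged.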

Description

Technical field

[0001] The embodiment of the present invention relates to the technical field of network security, in particular to a method and device for detecting a DGA domain name.

Background

[0002] DGA (Domain Name Generation Algorithm) is a technique that uses random characters to generate C&C domain names in order to evade domain name blacklist detection. For example, xeogrhxquuubt.com is a DGA-generated domain created by the Cryptolocker malware; if our process tries to establish other connections, then our machine may be infected with the Cryptolocker ransomware. Domain name blacklists are usually used to detect and block connections to these domains, but they are not effective against constantly updated DGA algorithms. Prior-art methods also use machine learning to construct a classifier that detects DGA domain names, but this type of method has two main shortcomings: first, training data must be collected in advance, which is time-consu...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1416, H04L63/145, H04L61/4511
Inventor: 肖军
Owner: BEIJING QIANXIN TECH