Malicious domain name detection method based on knowledge graph

A technology combining knowledge graphs and domain name detection, applied in the field of network security. It addresses the problem that a static blacklist strategy cannot be flexibly expanded, and achieves richer dimensions, more complete information, and improved accuracy.

Active Publication Date: 2019-09-27
SUN YAT SEN UNIV

AI Technical Summary

Problems solved by technology

[0005] Aiming at the problem that the existing static blacklist strategy cannot be flexibly expanded, the present invention provides a malicious domain name detection method based on knowledge graph, which includes the following steps:

Examples


Embodiment 1

[0034] The present invention provides a malicious domain name detection method based on a knowledge graph which, as shown in Figure 1, includes the following steps:

[0035] S1. According to the characteristics of domain name information, extract the key features that can be used to construct the domain name reputation knowledge graph;

[0036] S2. Aggregation of domain name information: use the existing data obtained to integrate as much of the information contained in the domain name as possible, providing data sources for the creation of the knowledge graph; the data passes through the knowledge graph construction engine, which amplifies domain name knowledge from the perspective of data mining; the knowledge graph construction engine uses the obtained domain name data to construct a domain name reputation knowledge graph;

[0037] S3. For a given specific domain name, use a judgment model that fuses multi-source information and multiple methods to give a prediction result, and at the same time feed...

Embodiment 2

[0061] This embodiment provides a method for detecting malicious domain names based on knowledge graphs. The system needs domain name data to operate, so the sources of the data are given first. Domain name data is obtained from the four aspects in Table 1. Possible data sources include regional Internet registries, major Internet service providers, domain name registrars, domain name popularity evaluation websites, and open lists of malicious domain names. The regional Internet registry provides the system with the necessary static domain name and IP data; the major Internet service providers provide the system with historical and real-time domain name resolution records, supporting the analysis of domain name resolution behavior; the domain name registrar provides the system with new domain name registration data, supporting the analysis of domain name registration behavior; the domain name popularity evaluation website provides positive sampl...
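The following added example (not taken from the patent) shows how the data sources listed above can be joined into a small domain-IP-registrant graph so that an unlisted domain inherits evidence from its neighbours. The record layout, the neighbour-vote scoring rule, the threshold, and all sample values are assumptions constructed for illustration; the page does not specify the features or judgment models used.

```python
from collections import defaultdict

# Constructed sample data (reserved example names and documentation IP ranges).
RESOLUTIONS = [            # ISP resolution records: (domain, IP)
    ("pay-login.example", "203.0.113.10"),
    ("update-check.example", "203.0.113.10"),
    ("new-promo.example", "203.0.113.10"),
    ("shop.example", "198.51.100.7"),
    ("blog.example", "198.51.100.7"),
]
REGISTRATIONS = [          # registrar records: (domain, registrant)
    ("pay-login.example", "registrant-A"),
    ("new-promo.example", "registrant-A"),
    ("shop.example", "registrant-B"),
    ("blog.example", "registrant-B"),
]
BLACKLIST = {"pay-login.example", "update-check.example"}  # open malicious list
POPULAR = {"shop.example"}             # popularity site: positive samples

def build_graph(resolutions, registrations):
    """Bipartite graph linking each domain to the IP/registrant entities it uses."""
    by_domain, by_entity = defaultdict(set), defaultdict(set)
    for kind, rows in (("ip", resolutions), ("registrant", registrations)):
        for domain, value in rows:
            by_domain[domain].add((kind, value))
            by_entity[(kind, value)].add(domain)
    return by_domain, by_entity

def score(domain, by_domain, by_entity, blacklist, popular):
    """Mean vote of labelled domains sharing an entity: +1 malicious, -1 benign."""
    votes = []
    for entity in by_domain.get(domain, ()):
        for other in by_entity[entity] - {domain}:
            if other in blacklist:
                votes.append(1)
            elif other in popular:
                votes.append(-1)
    return sum(votes) / len(votes) if votes else 0.0  # 0.0 means no evidence

def classify(domain, graph, blacklist=BLACKLIST, popular=POPULAR, threshold=0.5):
    """Static list first; otherwise fall back to evidence from graph neighbours."""
    if domain in blacklist:
        return "malicious (listed)"
    s = score(domain, *graph, blacklist, popular)
    if s >= threshold:
        return "suspicious"
    return "likely benign" if s <= -threshold else "unknown"

GRAPH = build_graph(RESOLUTIONS, REGISTRATIONS)
```

Here `new-promo.example` is on no list, yet it shares an IP and a registrant with listed domains, which is the kind of relation a static blacklist alone cannot express.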


Abstract

The invention discloses a malicious domain name detection method based on a knowledge graph, which comprises the following steps: S1, extracting key features for constructing a domain name reputation knowledge graph according to domain name information features; S2, integrating the information contained in the domain name by using the existing data obtained, providing a data source for the creation of the knowledge graph; passing the data through a knowledge graph construction engine to amplify domain name knowledge; having the knowledge graph construction engine construct a domain name reputation knowledge graph from the obtained domain name data; and S3, for a given specific domain name, giving a prediction result by using the multi-source information and a plurality of method judgment models. The method has the following advantages: 1, domain name information is richer in dimension, and the information contained is more complete; 2, the explosive growth of domain name data can be handled better, and mass data can be processed more quickly through construction of a knowledge graph; and 3, the domain name information and behavior patterns form a relational network, and the information in that network is mined in depth by exploiting the knowledge graph's sensitivity to relational networks.

Description

Technical field

[0001] The present invention relates to the technical field of network security, and more specifically, to a method for detecting malicious domain names based on knowledge graphs.

Background

[0002] In recent years, network security has become a focus of concern, and network attack methods are becoming more diverse, larger in scale, more complex, and more persistent. The domain name system provides domain-name-to-IP resolution services for the modern Internet and is key infrastructure for the normal operation of the network. Because the domain name system is both critical and vulnerable, it has become an ideal target for many attackers and faces very serious security threats. In particular, malicious domain names are the carrier of attackers' attacks, and their number and the threat they pose are gradually increasing. For example, phishing URLs used by phishing websites, C&C servers used by malware for commu...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F16/36, G06F16/953, G06F17/27
CPC: H04L63/1441, H04L63/1483, G06F16/367, G06F16/953, G06F40/205, G06F40/30
Inventor: 金舒原, 张允义
Owner: SUN YAT SEN UNIV