A Malicious Domain Name Detection Method Based on Knowledge Graph

A knowledge graph and domain name detection technology, applied in the field of network security, that addresses the problem that a static blacklist strategy cannot be flexibly expanded, and achieves richer dimensions, more complete information, and improved accuracy.

Active Publication Date: 2021-06-22
SUN YAT SEN UNIV

AI Technical Summary

Problems solved by technology

[0005] Aiming at the problem that the existing static blacklist strategy cannot be flexibly expanded, the present invention provides a malicious domain name detection method based on knowledge graph, which includes the following steps:

Examples

Embodiment 1

[0034] The present invention provides a malicious domain name detection method based on a knowledge graph, as shown in Figure 1, including the following steps:

[0035] S1. According to the characteristics of the domain name information, extract the key features that can be used to construct the domain name reputation knowledge graph;

[0036] S2. Aggregation of domain name information: use the obtained existing data to integrate as much of the information contained in the domain name as possible, providing data sources for the creation of the knowledge graph; the data passes through the knowledge graph construction engine, which amplifies domain name knowledge from the perspective of data mining; the knowledge graph construction engine uses the obtained domain name data to construct a domain name reputation knowledge graph;

[0037] S3. For a given domain name, use a judgment model that fuses multi-source information and multiple methods to give a prediction result, and at the same time feed...

Embodiment 2

[0061] This embodiment provides a method for detecting malicious domain names based on knowledge graphs. The operation of this system requires the support of domain name data, so the sources of the data are given first. Domain name data is obtained from the four aspects in Table 1. Possible data sources include regional Internet registries, major Internet service providers, domain name registrars, domain name popularity evaluation websites, and open lists of malicious domain names. The regional Internet registry provides the system with the necessary static domain name and IP data; the major Internet service providers provide the system with historical and real-time domain name resolution records, supporting the analysis of domain name resolution behavior; the domain name registrar provides the system with new domain name registration data, supporting the analysis of domain name registration behavior; the domain name popularity evaluation website provides positive sampl...
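The following is an added illustration of steps S1 to S3 using the data sources listed in Embodiment 2; it is not code from the patent. The sample records, the registrant labels, the label-propagation scoring, and the 0.6 threshold are all assumptions made for the example, since the page does not specify the judgment model.

```python
from collections import defaultdict

# Constructed sample records, one collection per data source named above.
RESOLUTIONS = [  # ISP resolution records: (domain, ip)
    ("shop.example", "198.51.100.7"),
    ("login-update.example", "203.0.113.9"),
    ("cdn-sync.example", "203.0.113.9"),
    ("news.example", "192.0.2.10"),
]
REGISTRATIONS = [  # registrar data: (domain, hypothetical registrant label)
    ("login-update.example", "reg-A"),
    ("cdn-sync.example", "reg-A"),
    ("fresh-offers.example", "reg-A"),
    ("shop.example", "reg-B"),
    ("news.example", "reg-C"),
]
POPULAR = {"news.example", "shop.example"}  # popularity site: benign seeds
MALICIOUS = {"login-update.example"}        # open malicious list: bad seeds

def build_graph(resolutions, registrations):
    """S1/S2: link each domain to the IPs it resolved to and its registrant."""
    graph = defaultdict(set)
    edges = [(d, ("ip", ip)) for d, ip in resolutions]
    edges += [(d, ("registrant", r)) for d, r in registrations]
    for domain, other in edges:
        graph[("domain", domain)].add(other)
        graph[other].add(("domain", domain))
    return graph

def propagate(graph, malicious, popular, rounds=3):
    """Seeds stay fixed (1.0 bad, 0.0 benign); others take their neighbours' mean."""
    seeds = {("domain", d): 1.0 for d in malicious}
    seeds.update({("domain", d): 0.0 for d in popular})
    scores = {node: seeds.get(node, 0.5) for node in graph}
    for _ in range(rounds):  # synchronous update from the previous round
        scores = {
            node: seeds[node] if node in seeds
            else sum(scores[n] for n in graph[node]) / len(graph[node])
            for node in graph
        }
    return scores

def predict(domain, scores, threshold=0.6):
    """S3: return (score, verdict); domains absent from the graph stay at 0.5."""
    score = scores.get(("domain", domain), 0.5)
    verdict = "suspicious" if score >= threshold else "not flagged"
    return score, verdict

GRAPH = build_graph(RESOLUTIONS, REGISTRATIONS)
SCORES = propagate(GRAPH, MALICIOUS, POPULAR)
```

A domain that appears on no list, such as `fresh-offers.example`, is scored only through the registrant it shares with a listed domain, which is the kind of expansion a static blacklist cannot provide.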

Abstract

The invention discloses a method for detecting malicious domain names based on a knowledge graph, which includes the following steps: S1. According to the characteristics of the domain name information, extract the key features used to construct the domain name reputation knowledge graph; S2. Use the obtained existing data to integrate information and provide data sources for the creation of the knowledge graph; the data passes through the knowledge graph construction engine, which amplifies domain name knowledge; the knowledge graph construction engine uses the obtained domain name data to construct the domain name reputation knowledge graph; S3. A judgment model combining multi-source information and multiple methods gives the prediction result. The present invention has the following advantages: 1. The dimensions of domain name information are richer, and the information contained is more complete; 2. It copes better with the explosive growth of domain name data, since the construction of the knowledge graph can process massive data more quickly; 3. Domain name information and behavior patterns form a relational network, and the sensitivity of the knowledge graph to the relational network is used to deeply mine the information in that network.

Description

Technical field

[0001] The present invention relates to the technical field of network security, and more specifically, to a method for detecting malicious domain names based on knowledge graphs.

Background

[0002] In recent years, network security has become a focus of concern, and network attack methods are becoming more diverse, larger in scale, more complex, and more persistent. The domain name system provides domain-name-to-IP resolution services for the modern Internet and is key infrastructure for the normal operation of the network. Because of its criticality and vulnerability, the domain name system has become an ideal target for many attackers and faces very serious security threats. In particular, malicious domain names are the carrier of attackers' attacks, and their number and the threat they pose are gradually increasing. For example, phishing URLs used by phishing websites, C&C servers used by malware for commu...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, G06F16/36, G06F16/953, G06F40/205, G06F40/30
CPC: H04L63/1441, H04L63/1483, G06F16/367, G06F16/953, G06F40/205, G06F40/30
Inventor: 金舒原, 张允义
Owner: SUN YAT SEN UNIV