Domain name traffic feature extraction method, device and equipment and readable storage medium

A traffic feature extraction technique, applied in the field of network security, that addresses the problems of less intuitive high-level features being missed, low recognition accuracy, and omissions.

Active Publication Date: 2020-10-30
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

However, manual feature extraction can only provide features that people can understand, and it often misses some unintuitive high-level features.

Examples


Embodiment 1

[0086] Please refer to Figure 1, which is the flow chart of the email account breach detection method provided by this embodiment; the method may include:

[0087] Step s110: Obtain domain name access traffic, and obtain traffic data to be processed.

[0088] The access traffic of a domain name refers to the change in the number of visits to the domain name over time. For example, if the number of visits to a domain name is counted every hour, the change in the number of visits over a period of time (one day or one week) is the domain name's traffic.

[0089] Table 1 below shows the access traffic of a domain name A within one day. This embodiment takes only this domain name access traffic as an example. Access traffic at other statistical intervals can be handled by reference to this embodiment and is not described again here.

[0090]

[0091] Table 1

[0092] In this embodiment, the application scenarios are not limited, and the feature vectors propos...

Embodiment 2

[0121] The first embodiment places no limitation on the processing performed after step s140. To accurately distinguish domain name types and avoid the threat that illegal domain names pose to network security, preferably, after step s140, feature cluster analysis can further be performed on the traffic feature output sequence to obtain domain name classification results, such as legal domain names and illegal domain names.

[0122] The traffic feature output sequence obtained in step s140 can be used directly as the traffic feature of the domain name for domain name analysis, for example, feature analysis of a single domain name, or combined analysis of the output features of multiple sequence-to-sequence models; it can also be combined with other pre-extracted domain name features, wherein, preferably, the statistical features of the traffic and the traffic feature output sequence can be combined, and the obtained result can be us...

Embodiment 3

[0127] In order to deepen the understanding of the domain name traffic feature extraction method provided by the present invention, this embodiment takes the local area network traffic feature extraction as an example for introduction, and other implementation modes can refer to the introduction of this embodiment.

[0128] It mainly includes the following steps:

[0129] Step s201: Collect domain name access traffic and other relevant information.

[0130] The DNS traffic and HTTP traffic corresponding to multiple LANs can be aggregated in the cloud. The aggregated traffic may come from various applications in various industries. The larger the aggregated data volume, the more accurate the overall situation of the domain name being accessed. The information that needs to be recorded is which domain name was accessed by which host in the local area network at what time, what is the corresponding URL, what is the IP address resolved by the domain name, and what is the TTL value...
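The statistics step of s110 applied to records of the kind listed in s201, as an added example that is not part of the patent text: it bins per-domain visits into 24 hourly counts for one day and scales them into an input sequence. The log line layout, the sample records, the function names, and the use of min-max scaling are assumptions, since the page does not specify the record format or the normalization method.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records (assumed layout): time, LAN host, domain, resolved IP, TTL
SAMPLE_LOG = """\
2020-10-30T00:05:11Z 10.0.0.5 a.example 192.0.2.10 300
2020-10-30T00:40:02Z 10.0.0.7 a.example 192.0.2.10 300
2020-10-30T03:15:45Z 10.0.0.5 a.example 192.0.2.10 300
2020-10-30T03:16:01Z 10.0.0.9 b.example 198.51.100.4 60
2020-10-30T03:59:59Z 10.0.0.5 a.example 192.0.2.10 300
2020-10-30T03:20:00Z 10.0.0.8 a.example 192.0.2.10 300
2020-10-30T23:01:30Z 10.0.0.9 b.example 198.51.100.4 60
not a valid record
"""

def parse_record(line):
    """Return (timestamp, host, domain, ip, ttl), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return ts, parts[1], parts[2].lower().rstrip("."), parts[3], int(parts[4])
    except ValueError:
        return None

def hourly_counts(log_text, day):
    """Count visits per domain in 24 one-hour bins for the given UTC date."""
    counts = defaultdict(lambda: [0] * 24)  # hours with no visits stay at 0
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and rec[0].date() == day:
            counts[rec[2]][rec[0].hour] += 1
    return dict(counts)

def normalize(seq):
    """Min-max scale to [0, 1] (assumed method); a flat sequence maps to zeros."""
    lo, hi = min(seq), max(seq)
    if hi == lo:
        return [0.0] * len(seq)
    return [(v - lo) / (hi - lo) for v in seq]

def input_sequences(log_text, day):
    """Per-domain normalized 24-step sequence, ready to feed a sequence model."""
    return {d: normalize(c) for d, c in hourly_counts(log_text, day).items()}
```

Because each domain is scaled independently, the sequence keeps the shape of the traffic waveform but drops absolute volume, which would have to be carried separately as a statistical feature.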


Abstract

The invention discloses a domain name traffic feature extraction method and relates to the field of network security. A neural network is used to learn the structural features and context dependency relationships of the domain name traffic waveform sequence, so that abstract, high-level traffic features can be extracted. Statistics and normalization processing are performed on the domain name access traffic data to generate an input sequence on which feature extraction can be performed, and the abstract, high-level traffic features of the domain name are automatically extracted by a trained sequence-to-sequence model. Compared with traditional manual feature extraction, the method can completely extract the context dependency relationships and structural features of the time sequence formed by the domain name traffic features, and it improves the accuracy of domain name traffic feature extraction. The invention further discloses a domain name traffic feature extraction device and equipment and a readable storage medium, which have the above beneficial effects.

Description

Technical field

[0001] The present invention relates to the field of network security, in particular to a domain name traffic feature extraction method, device, equipment and readable storage medium.

Background technique

[0002] A domain name is used for network positioning. After a user enters a domain name, DNS converts it to an IP address so that the corresponding server can be found and the corresponding web page opened. At present, there are a large number of illegal domain names, which seriously affect the normal operation of normal domain names, leading to the downgrading of normal domain name websites and even punishment. To maintain normal network order, it is necessary to extract domain name features for further analysis and identification of domain name types.

[0003] The registration purposes of legal domain names and illegal domain names are different. Legitimate domain names are used to carry legal services, while illegal domain names are used for malicious use to ...


Application Information

IPC(8): H04L29/12, H04L29/08, G06N3/04, G06N3/08
CPC: H04L67/02, G06N3/08, H04L61/4511, G06N3/044, G06N3/045, Y02D30/50
Inventor 闫凡陈扬赵振洋古亮
Owner SANGFOR TECH INC