
Botnet program domain name identification method and device, equipment and storage medium

The technology, applied to bot domain names in the field of network security, addresses the problems of high computing-resource consumption, low detection accuracy and poor real-time discovery of DGA domain names, and achieves a lower false alarm rate and a higher accuracy rate.

Active Publication Date: 2021-05-25
CHINA MOBILE COMM LTD RES INST +1

AI Technical Summary

Problems solved by technology

[0006] Among them, the honeypot-based detection method is complex to deploy and requires strong technical support to reverse-engineer the captured bots, and its discovery of DGA domain names has poor real-time performance; botnet detection based on network traffic requires long-term monitoring and comparison to confirm similar data traffic, and if the time span is short, the detection accuracy is not high; and when classifying data traffic with similar characteristics, a large traffic volume consumes a lot of computing resources.


Embodiment Construction

[0033] The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0034] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the technical field of the invention. The terms used herein in the description of the present invention are for the purpose of describing specific embodiments only, and are not intended to limit the present invention.

[0035] The embodiment of the present invention provides a method for identifying a bot domain name. As shown in Figure 1, the method includes:

[0036] Step 101, performing domain name feature extraction on domain names within a set time period in the DNS log, and determining domain name feature values corresponding to multiple domain names within the set time period;

[0037] Step 102, loading the feature value of the domain name into the domain name classification mo...


Abstract

The invention discloses a zombie program domain name identification method and device, equipment and a storage medium. The method comprises the following steps: carrying out domain name feature extraction on domain names in a set time length in a domain name system (DNS) log, and determining domain name feature values respectively corresponding to a plurality of domain names in the set time length; loading the domain name feature value into a domain name classification model for identification to obtain a first suspected domain name generation algorithm (DGA) domain name set; filtering the first suspected DGA domain name set based on a domain name blacklist and a domain name whitelist to obtain a second suspected DGA domain name set; performing tracking query on each domain name in the second suspected DGA domain name set based on the DNS log to obtain access record information corresponding to each domain name; and determining an identification result of whether each domain name is a DGA domain name based on the access record information corresponding to each domain name.
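The five steps of the abstract, sketched as an added example that is not code from the patent. The feature set, the threshold rule standing in for the domain name classification model, the handling of blacklist hits and the NXDOMAIN-ratio decision rule are assumptions; the log records and list entries are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS log: (epoch seconds, client IP, queried name, response code)
DNS_LOG = [
    (1000, "10.0.0.5", "xk2q9vbz7rw1tq.com", "NXDOMAIN"),
    (1002, "10.0.0.5", "p8d3mzq1yv6hjk.com", "NXDOMAIN"),
    (1004, "10.0.0.5", "q7w2n5zr8tb4xc.com", "NOERROR"),
    (1010, "10.0.0.9", "www.example.com", "NOERROR"),
    (1015, "10.0.0.9", "a1b2c3d4e5f6g7.cdn-example.net", "NOERROR"),
    (1020, "10.0.0.7", "zq4x8k2v9m1w7p.org", "NOERROR"),
    (9000, "10.0.0.5", "late9x8c7v6b5n.com", "NXDOMAIN"),
]
WHITELIST = {"cdn-example.net", "example.com"}  # assumed: known-benign registered domains
BLACKLIST = {"q7w2n5zr8tb4xc.com"}              # assumed: already-known C&C names

def features(name):
    """Assumed features of the first label: length, Shannon entropy, digit ratio."""
    label = name.split(".")[0]
    n = len(label)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(label).values())
    return n, entropy, sum(ch.isdigit() for ch in label) / n

def looks_generated(name):
    """Threshold stand-in (assumption) for the domain name classification model."""
    length, entropy, digits = features(name)
    return length >= 12 and entropy >= 3.0 and digits >= 0.2

def registered(name):
    """Naive last-two-labels cut; a real deployment needs the public suffix list."""
    return ".".join(name.split(".")[-2:])

def identify(log, start, window):
    in_window = [r for r in log if start <= r[0] < start + window]
    first = {r[2] for r in in_window if looks_generated(r[2])}   # first suspected set
    known_bad = first & BLACKLIST        # assumed: blacklist hits need no further tracking
    second = {n for n in first - known_bad if registered(n) not in WHITELIST}
    records = defaultdict(list)          # tracking query: access records per suspect
    for _, client, name, rcode in in_window:
        if name in second:
            records[name].append((client, rcode))
    verdict = {}
    for name in second:
        nx = sum(rc == "NXDOMAIN" for _, rc in records[name])
        # Assumed decision rule: names that mostly fail to resolve are DGA output.
        verdict[name] = nx / len(records[name]) >= 0.5
    return known_bad, verdict
```

The whitelisted CDN hostname passes the character-level classifier and is removed only by the list filter, which is the false-alarm reduction the abstract's third step is there for.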

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method, device, equipment and storage medium for identifying a bot domain name.

Background technique

[0002] With the development of botnet technology, attackers use Domain Flux technology in bot programs to counter blocking by security technicians. The C&C (command and control) domain name that the bot accesses is produced by an algorithm that selects a fixed feature as a random number seed, dynamically generates a changing prefix string, and then appends a fixed TLD (top-level domain). This domain name generation algorithm is called DGA (Domain Generation Algorithm). Attackers use the DGA algorithm to generate a large number of domain names, but register only a small number of them as C&C domain names.

[0003] In related technologies, for DGA domain names generated by bots, the monitoring and detection methods mainly include:

[0004] 1. ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12, G06K9/62
CPC: H04L63/1425, H04L63/1408, H04L63/1483, H04L63/101, H04L61/4511, G06F18/214
Inventor 郭智慧付俊陈璨璨彭晋张峰
Owner CHINA MOBILE COMM LTD RES INST