A malicious domain name processing method, apparatus, device and machine-readable storage medium

A malicious domain name processing method, applied in the field of communication technology, that addresses the problem of a high false positive rate and achieves a reduced false positive rate, simple feature extraction and lower resource consumption.

Active Publication Date: 2022-07-12
NEW H3C SECURITY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] In view of this, the present disclosure provides a malicious domain name processing method, device, electronic equipment, and machine-readable storage medium to address the above-mentioned technical problem of a high false positive rate.



Embodiment Construction

[0022] The terminology used in the embodiments of the present disclosure is for the purpose of describing particular embodiments only, rather than limiting the present disclosure. As used in this disclosure and the claims, the singular forms "a," "the," and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It will also be understood that the term "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items.

[0023] It should be understood that although the terms first, second, third, etc. may be used in embodiments of the present disclosure to describe various information, such information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first inform...


Abstract

The present disclosure provides a malicious domain name processing method, apparatus, device and machine-readable storage medium. The method includes: acquiring training samples that meet preset requirements and extracting sample features from the training samples according to preset dimensions; according to the extracted sample features, performing sample clustering on the training samples and using BiLSTM to train and generate a classifier; and using the classifier to process the features extracted from the domain name to be determined, to determine whether that domain name is a DGA domain name. The preset dimensions include: domain name length, initial proportion, numerical proportion, and domain name entropy. In the technical solution of the present disclosure, the initials of pinyin are used as one of the dimensions of the training model, and the resulting algorithm model can effectively reduce the false alarm rate for domestic websites. At the same time, the training method provided by the present disclosure has simple and efficient feature extraction, and determines DGA domain names with high accuracy and low resource consumption.
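The four preset dimensions named in the abstract can be computed as in the following added example, which is not code from the patent and covers only the feature-extraction step, not the clustering or the BiLSTM classifier. The reading of "initial proportion" as the share of characters that are pinyin initial consonants, the choice of which label to measure, and the sample domains are assumptions.

```python
import math
from collections import Counter

# Assumption: "initial" means a pinyin initial consonant. The digraphs
# zh/ch/sh are covered by their single letters; y and w are counted too.
PINYIN_INITIALS = frozenset("bpmfdtnlgkhjqxrzcsyw")
DIGITS = frozenset("0123456789")


def shannon_entropy(text):
    """Shannon entropy of the character distribution, in bits per character."""
    if not text:
        return 0.0
    total = len(text)
    counts = Counter(text).values()
    return -sum(c / total * math.log2(c / total) for c in counts)


def extract_features(domain):
    """Return the four preset dimensions for one domain name.

    Assumption: features are taken from the label left of the final suffix;
    multi-part suffixes need a public-suffix-aware split instead.
    """
    labels = [part for part in domain.lower().rstrip(".").split(".") if part]
    if not labels:
        raise ValueError("empty domain name")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    size = len(label)
    return {
        "length": size,
        "initial_ratio": sum(ch in PINYIN_INITIALS for ch in label) / size,
        "digit_ratio": sum(ch in DIGITS for ch in label) / size,
        "entropy": shannon_entropy(label),
    }


# Constructed samples under the reserved .example suffix: a pinyin-initial
# abbreviation, a random-looking label, and a full pinyin spelling.
SAMPLES = ["zgyd.example", "x7k2q9vb.example", "zhongguoyidong.example"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, extract_features(name))
```

The abbreviation-style label scores 1.0 on the initial ratio while the random-looking label scores 0.5 with a non-zero digit ratio, which is the kind of separation the extra dimension gives a downstream classifier.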

Description

Technical field

[0001] The present disclosure relates to the field of communication technologies, and in particular, to a malicious domain name processing method, apparatus, device, and machine-readable storage medium.

Background

[0002] Malware has now developed into the number one public enemy that threatens network security. In order to evade detection by security facilities, its construction has become more and more complicated. One typical method is to integrate a DGA (Domain Generation Algorithm) into the software to generate rapidly changing domain names. As a backup or main means of communicating with the C2 server, this method can construct a more robust botnet and achieve continuous control of infected hosts. Correspondingly, research on DGAs is also a hot topic of discussion in the security community. There is also a lot of DGA domain name detection work in academia and industry, but there are too many false positiv...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/56
CPC: H04L63/1416, G06N3/08, H04L61/4511, G06N3/044, G06F18/23213, G06F18/23, G06F18/2414
Inventor: 施瑞瑞, 汪加伟
Owner NEW H3C SECURITY TECH CO LTD