Malicious domain name detection method and device based on deep reinforcement learning

A deep reinforcement learning technique for domain name detection, applied in the field of network security, that addresses the data imbalance between benign domain names and malicious domain names.

Active Publication Date: 2022-02-15
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0006] The present invention uses a method based on deep reinforcement learning to solve the classification problem of unbalanced sample data of benign domain names and malicious domain names in real DNS traffic.


Embodiment Construction

[0034] In order to make the above objects, features and advantages of the present invention more comprehensible, the present invention will be further described in detail below through specific embodiments and accompanying drawings.

[0035] The invention provides a method for judging malicious domain names. It first obtains the domain names to be detected from real DNS traffic, queries their whois information, extracts features of each domain name to be detected, and finally inputs the feature vector into the deep reinforcement learning model to determine whether each domain name to be detected exhibits malicious behavior.

[0036] The workflow of the present invention is shown in Figure 1.

[0037] 1) Obtain the real DNS traffic of the domain name to be detected: set up a network probe in the network, obtain real DNS traffic data for several days, and store it in the traffic database.

[0038] 2) Supplement whois information: query and record their whois information for...


Abstract

The invention relates to a malicious domain name detection method and device based on deep reinforcement learning. The method comprises the following steps: acquiring the real DNS traffic of a domain name to be detected; querying and recording the whois information of the domain name to be detected in the real DNS traffic; extracting features of the domain name to be detected from the domain name and its whois information, and generating a feature vector for it; and inputting the feature vector into the deep reinforcement learning model to judge whether the domain name to be detected exhibits malicious behavior. The deep reinforcement learning method addresses the classification problem of unbalanced benign and malicious sample data in real DNS traffic: the low proportion of malicious samples in real DNS traffic can be found quickly and effectively, and good performance is maintained even at a low balance rate.
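The feature-extraction step described in the abstract, as an added example that is not taken from the patent. The text shown here does not list the features used, so the lexical and whois-derived features, the function names and the sample records below are all assumptions.

```python
import math
from collections import Counter
from datetime import date

# Constructed sample inputs (not from the patent): domains observed in DNS
# traffic and the whois records looked up for them.
OBSERVED = ["example.com", "xk2q9vz7h1pd.net"]
WHOIS = {
    "example.com": {"created": date(1995, 8, 14), "expires": date(2030, 8, 13)},
    "xk2q9vz7h1pd.net": {"created": date(2022, 1, 10), "expires": date(2023, 1, 10)},
}

def shannon_entropy(s):
    """Entropy of the string s in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def feature_vector(domain, whois, today):
    """Combine lexical and whois-derived features (assumed feature set)."""
    name = domain.lower().rstrip(".")
    first_label = name.split(".")[0]
    if not first_label:
        raise ValueError("domain has an empty first label: %r" % domain)
    digits = sum(ch.isdigit() for ch in first_label)
    rec = whois.get(name)
    # A missing whois record is itself informative, so it is encoded as -1
    # instead of dropping the sample.
    age_days = (today - rec["created"]).days if rec else -1
    term_days = (rec["expires"] - rec["created"]).days if rec else -1
    return [
        len(first_label),                        # length of first label
        round(shannon_entropy(first_label), 3),  # character entropy
        round(digits / len(first_label), 3),     # digit ratio
        name.count(".") + 1,                     # number of labels
        age_days,                                # days since registration
        term_days,                               # registration term in days
    ]

def build_dataset(domains, whois, today):
    """Map each observed domain to the vector fed to the classifier."""
    return {d: feature_vector(d, whois, today) for d in domains}

if __name__ == "__main__":
    for dom, vec in build_dataset(OBSERVED, WHOIS, date(2022, 2, 15)).items():
        print(dom, vec)
```

The resulting vectors are the classifier input; the recently registered, high-entropy name separates from the long-lived one on every feature except label count.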

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a method and device for detecting malicious domain names based on deep reinforcement learning.

Background technique

[0002] The Domain Name System (DNS) is an important infrastructure of the Internet. It provides mapping services between domain names and IP addresses, and makes it much easier to identify services, devices and other resources on the network. However, while the domain name system provides normal resolution services, it has also become one of the main attack paths for various illegal network activities. More and more attackers are abusing the domain name system to achieve malicious purposes. For example, cyber scammers register domain names similar to well-known legitimate websites, and build phishing websites to induce users to visit and steal user identity information; botnets use Domain Generation Algorithm (DGA) to randomly genera...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, H04L61/4511, G06K9/62, G06N3/08
CPC: H04L63/1416, H04L63/1425, G06N3/08, G06F18/24, Y02D30/50
Inventor: 袁方方, 田腾, 刘燕兵, 卢毓海, 曹聪, 谭建龙
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI