Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Abnormal domain name identification method and device, computer equipment and medium

An identification method and abnormal technology, applied in special data processing applications, biological neural network models, and other database retrievals, can solve problems such as property loss, underreporting of malicious domain names, attacks, etc., to reduce losses, avoid attacks, and detect accurately rate-enhancing effect

Pending Publication Date: 2022-03-01
EVERSEC BEIJING TECH
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In the process of implementing the present invention, the inventor found that the existing technology mainly has the following defects: when detecting DGA domain names, if the deep learning model is only used, a large number of malicious domain names will be missed.
Therefore, missing abnormal domain names can attack the server and cause property losses

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormal domain name identification method and device, computer equipment and medium
  • Abnormal domain name identification method and device, computer equipment and medium
  • Abnormal domain name identification method and device, computer equipment and medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0030] figure 1 A flow chart of an identification method for an abnormality domain name provided by the embodiment of the present invention. This embodiment can be applied to a case where the domain name consisting of an abnormal splicing string is detected. The method of this embodiment can be performed by an abnormal domain name identification device, which can be implemented by software and / or hardware, which can be configured in a server or terminal device.

[0031] Correspondingly, the method includes the steps of:

[0032] S110, obtain the domain name to be identified, and extract the primary domain name in the domain name to identify.

[0033] Where the domain name can be a name of a computer or a computer group that is composed of atriated point-separated name, which is used to locate the computer when data transmission is transmitted. Since the IP address is incapacitated and does not display shortcomings such as name and nature of address organizations. The domain nam...

Embodiment 2

[0063] Figure 2A It is a flow chart of an identification method of an abnormality domain name provided in the second embodiment of the present invention. The present embodiment is refined according to the embodiments described above. In the present embodiment, it is further detailed for detecting whether the primary domain name can be spliced ​​by the set number of set numbers in the abnormal splicing string library. change.

[0064] Correspondingly, the method includes the steps of:

[0065] S210, get the domain name to be identified, and extract the primary domain name in the domain name to identify.

[0066] S220, match the primary domain with a pre-established exception spliced ​​string.

[0067] S230, detects whether the primary domain name can be spliced ​​by the number of abnormal spliced ​​strings in the exception splicing string library. If so, S240 is executed; if no, S250 is executed.

[0068] S240 determines the token domain name as an abnormality domain name generate...

Embodiment 3

[0093] image 3 It is a structural diagram of an identification device of an abnormality domain name provided in the first embodiment of the present invention, and an identification device of an abnormal domain name provided in this embodiment can be implemented by software and / or hardware, and can be configured in a server or terminal device. A method of identifying an abnormality domain name in an embodiment of the present invention is implemented. Such as image 3 As shown, the apparatus can specifically include: the primary domain extraction module 310, the primary domain detection module 320, and the abnormal domain name determining module 330.

[0094] Wherein, the primary domain extraction module 310 is used to obtain the domain name to be identified and the primary domain name in the domain name to be identified;

[0095] The primary domain detection module 320 is configured to match the primary domain with a pre-established exception spliced ​​string library, detect if t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses an abnormal domain name identification method and device, computer equipment and a medium. The method comprises the following steps: acquiring domain names to be identified, and extracting a main domain name in the domain names to be identified; matching the main domain name with a pre-established abnormal splicing character string library, and detecting whether the main domain name can be obtained by splicing a set number of abnormal splicing character strings in the abnormal splicing character string library; and if yes, determining the domain name to be identified as an abnormal domain name generated through a domain name generation algorithm. According to the method provided by the embodiment of the invention, the problems of missing detection and missing report of the domain names formed by the abnormal spliced character strings are solved, and the detection accuracy of the abnormal domain names is improved, so that the attack of the missing detection of the abnormal domain names on the server is avoided, and the loss caused by the attack of the abnormal domain names on the server is reduced.

Description

Technical field [0001] Embodiments of the present invention relate to computer data processing techniques, and more particularly to an identification method, apparatus, computer device, and medium of an abnormal domain name. Background technique [0002] Malware has now developed to threaten the number one public enemy of the network security. In order to escape safety facilities, its production process is increasing, one of which is typical is to integrate domain name generating algorithm in software, the DMAINGENERATION Algorithm, DGA algorithm Speed ​​variable domain name. This mode can be constructed more robust zombie network as a means of spare or main communication with C2 servers. [0003] According to the detection method, DGA domain name detection can be roughly divided into two types: text analysis and behavioral analysis. Among them, based on the text analysis, the difference between the DGA domain name and the normal domain name is analyzed, or the difference between...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F16/903G06N3/04
CPCG06F16/90344G06N3/044
Inventor 赖秋楠梁彧傅强蔡琳杨满智田野王杰阿曼太金红陈晓光
Owner EVERSEC BEIJING TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com