摘要
当前对算法生成域名技术的检测,检测所用时间周期过长,无法对算法生成的恶意域名进行快速检测。针对此问题,本文基于新增域名与已分类恶意域名之间的关联关系,提出一种算法生成域名的实时检测方法,并在某省运营商DNS服务器机房部署本系统,实验验证本检测方法。实验表明与已有方法相比,本方法能够快速筛选用于恶意网络行为的算法生成域名。但本方法需要消耗大量的计算资源和内存资源,需要在后续的工作中研究解决。
Abstra ct:The current detection of algorithmically generated malicious domain has long detecting cy-cle, and has no sufficient use of known and pub-lished malicious domain. Aimed at this problem, we propose a real time detect method based on relation-ship between new domain name and known mali-cious domains combined with live pattern of algo-rithmically generated domains. The experiment result shows that the method can quickly and effectively filter out algorithmically generated domains used by malware, but this method consumes a large amount of computation and memory resources that needs to be solved in the following work.
出处
《现代电信科技》
2013年第7期3-8,共6页
Modern Science & Technology of Telecommunications
基金
国家242信息安全计划基金资助项目(242-2010A009)
关键词
域名生成算法
僵尸网络
算法生成域名
域名变换
domain generation algorithms
botnet
algorithmically generated domain
domain-flux
