
Fast malicious domain name detection algorithm based on lexical features (cited by: 20)
Abstract: Malicious domain name attacks occur frequently on the Internet, and existing domain name detection methods do not perform well in real time. To address this, a fast malicious domain name detection algorithm based on lexical features is proposed. Based on the characteristics of malicious domain names, the algorithm first normalizes all domain names to be tested according to their length and assigns each a weight. A clustering algorithm then divides the domain names to be tested into several groups, and an improved heap sort algorithm computes the priority of each group from the sum of the weights within it. In descending order of priority, the edit distance between each domain name in each group and the domain names on a blacklist is calculated. Finally, malicious domain names are quickly identified from the edit distance values. The results show that, compared with a detection algorithm that uses only domain name semantics and one that uses only domain name lexical features, the proposed algorithm improves accuracy by 1.7% and 2.5% respectively and detection speed by 13.9% and 6.8% respectively, giving higher accuracy and better real-time performance.
Authors: ZHAO Hong; CHANG Zhaobin; WANG Le (School of Computer and Communication, Lanzhou University of Technology, Lanzhou, Gansu 730050, China)
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University Core Journal, 2019, No. 1, pp. 227-231 (5 pages)
Funding: National Natural Science Foundation of China (51668043); CERNET Next Generation Internet Technology Innovation Project (NG1120160311, NG1120160112)
Keywords: malicious domain name; lexical feature; detection algorithm; edit distance; real-time performance
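
The pipeline outlined in the abstract, as an added sketch that is not the authors' code. The weight formula, the length-bucket grouping (a stand-in for the clustering step), the `max_dist` threshold, and the use of `heapq` in place of the improved heap sort are all assumptions, and the sample domains are constructed.

```python
import heapq
from collections import defaultdict

# Constructed sample data (reserved .example/.test names), not from the paper.
BLACKLIST = ["secure-login-update.example", "cdn-stats.test"]
QUEUE = ["Secure-1ogin-update.example.", "intranet.example",
         "cdn-stat5.test", "mail.example", "cdn-stats.test"]

def edit_distance(a, b):
    """Levenshtein distance, keeping only one previous DP row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def detect(domains, blacklist, max_dist=2, bucket=5):
    """Return (domain, nearest blacklisted name, distance) in processing order.

    Assumptions, not taken from the paper: weight = length / longest length,
    groups = length buckets (stand-in for the clustering step), and the
    threshold max_dist. heapq stands in for the improved heap sort.
    """
    names = [d.lower().rstrip(".") for d in domains]
    if not names or not blacklist:
        return []
    longest = max(map(len, names)) or 1
    groups = defaultdict(list)
    for n in names:
        groups[len(n) // bucket].append((len(n) / longest, n))
    # Max-heap on the sum of weights per group (negated for heapq's min-heap).
    heap = [(-sum(w for w, _ in members), key) for key, members in groups.items()]
    heapq.heapify(heap)
    hits = []
    while heap:
        _, key = heapq.heappop(heap)
        for _, n in groups[key]:
            dist, nearest = min((edit_distance(n, b), b) for b in blacklist)
            if dist <= max_dist:
                hits.append((n, nearest, dist))
    return hits

if __name__ == "__main__":
    for hit in detect(QUEUE, BLACKLIST):
        print(hit)
```

The group with the largest weight sum is checked first, so hits from it appear at the head of the result even though those domains arrived later in the queue.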