Malicious domain detection based on diversified characteristics (cited by: 1)
Abstract: Malicious domain names are one of the important factors threatening current network security, and rapid detection of malicious domain names is an important means of maintaining the security of the network environment. To address the high overhead, long inspection time and single detection type of existing detection methods, a detection method based on diversified features is proposed. First, multiple features are extracted from the perspectives of domain name vocabulary and domain name access volume. Then, a random forest-based classification detection model is used to distinguish domain names. Experimental results show that the method achieves an accuracy of 95% while greatly reducing computational complexity, and that it has a certain generality.
Authors: LIU Shanling (刘善玲); QI Zhenghua (祁正华) (School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China)
Source: Journal of Nanjing University of Posts and Telecommunications: Natural Science Edition (《南京邮电大学学报(自然科学版)》), Peking University Core Journal (北大核心), 2021, No. 6, pp. 95-100 (6 pages)
Funding: Supported by the National Natural Science Foundation of China (61972209).
Keywords: malicious domain names; random forest; multiple features; access features
