Anomaly domains detection algorithm based on historical data
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2016-10-01 |
Series: | Tongxin xuebao |
Subjects: | |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2016208/ |
Summary: | An anomaly domain detection algorithm based on domains’ historical data was proposed. Based on statistical differences between the historical data of legitimate domains and malicious domains, the proposed algorithm used domain lifetime, changes of whois information, whois information integrity, IP changes, domains that share the same IP, TTL value, etc. as its main parameters, and concrete representations of the features used for classification were given. On this basis, the proposed algorithm constructed an SVM classifier for detecting anomaly domains. Feature analysis and experimental results show that the algorithm obtains high detection accuracy on unknown domains and is especially suitable for detecting long-lived malicious domains. |
---|---|
ISSN: | 1000-436X |