Fast-flucos: malicious domain name detection method for Fast-flux based on DNS traffic
There are three weaknesses in previous Fast-flux domain name detection methods in terms of stability, targeting, and applicability to common real-world DNS traffic environments. To address these, a method based on DNS traffic, called Fast-flucos, was proposed. First, traffic anomaly filtering and associat...
Main Authors: | Chunyu HAN, Yongzheng ZHANG, Yu ZHANG |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2020-05-01 |
Series: | Tongxin xuebao |
Subjects: | Fast-flux; domain name system; domain name detection; machine learning; deep learning |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2020094/ |
_version_ | 1841539375561703424 |
---|---|
author | Chunyu HAN Yongzheng ZHANG Yu ZHANG |
collection | DOAJ |
description | There are three weaknesses in previous Fast-flux domain name detection methods in terms of stability, targeting, and applicability to common real-world DNS traffic environments. To address these, a method based on DNS traffic, called Fast-flucos, was proposed. First, traffic anomaly filtering and association matching algorithms were used to improve detection stability. Second, the features quantified geographical width, country list, and time list were applied to better target Fast-flux domains. Lastly, feature extraction was performed on more suitable samples in order to adapt to common real-world DNS traffic. Several machine learning algorithms, including deep learning, were tried to determine the best classifier and feature combination. The experimental results based on real-world DNS traffic show that Fast-flucos' recall rate is 0.9986, precision is 0.9767, and ROC_AUC is 0.9929, all of which are better than the current mainstream approaches, such as EXPOSURE, GRADE and AAGD. |
format | Article |
id | doaj-art-b15d893fdb5a418dbe81e1978aefebc0 |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2020-05-01 |
publisher | Editorial Department of Journal on Communications |
record_format | Article |
series | Tongxin xuebao |
title | Fast-flucos: malicious domain name detection method for Fast-flux based on DNS traffic |
topic | Fast-flux domain name system domain name detection machine learning deep learning |
url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2020094/ |