Fast-flucos:malicious domain name detection method for Fast-flux based on DNS traffic
There are three weaknesses in previous Fast-flux domain name detection method on the aspects of stability,targeting,and applicability to common real-world DNS traffic environment.For this,a method based on DNS traffic,called Fast-flucos was proposed.Firstly,the traffic anomaly filtering and associat...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2020-05-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2020094/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539375561703424 |
|---|---|
| author | Chunyu HAN Yongzheng ZHANG Yu ZHANG |
| author_facet | Chunyu HAN Yongzheng ZHANG Yu ZHANG |
| author_sort | Chunyu HAN |
| collection | DOAJ |
| description | There are three weaknesses in previous Fast-flux domain name detection method on the aspects of stability,targeting,and applicability to common real-world DNS traffic environment.For this,a method based on DNS traffic,called Fast-flucos was proposed.Firstly,the traffic anomaly filtering and association matching algorithms were used for improving detection stability.Secondly,the features,quantified geographical width,country list,and time list,were applied for better targeting Fast-flux domains.Lastly,the feature extraction were finished by the more suitable samples for trying to adapt to common real-world DNS traffic.Several machine learning algorithms including deep learning are tried for determining the best classifier and feature combination.The experimental result based on real-world DNS traffic shows that Fast-flucos’ recall rate is 0.998 6,precision is 0.976 7,and ROC_AUC is 0.992 9,which are all better than the current main stream approaches,such as EXPOSURE,GRADE and AAGD. |
| format | Article |
| id | doaj-art-b15d893fdb5a418dbe81e1978aefebc0 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2020-05-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-b15d893fdb5a418dbe81e1978aefebc02025-01-14T07:19:13ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2020-05-0141374759735235Fast-flucos:malicious domain name detection method for Fast-flux based on DNS trafficChunyu HANYongzheng ZHANGYu ZHANGThere are three weaknesses in previous Fast-flux domain name detection method on the aspects of stability,targeting,and applicability to common real-world DNS traffic environment.For this,a method based on DNS traffic,called Fast-flucos was proposed.Firstly,the traffic anomaly filtering and association matching algorithms were used for improving detection stability.Secondly,the features,quantified geographical width,country list,and time list,were applied for better targeting Fast-flux domains.Lastly,the feature extraction were finished by the more suitable samples for trying to adapt to common real-world DNS traffic.Several machine learning algorithms including deep learning are tried for determining the best classifier and feature combination.The experimental result based on real-world DNS traffic shows that Fast-flucos’ recall rate is 0.998 6,precision is 0.976 7,and ROC_AUC is 0.992 9,which are all better than the current main stream approaches,such as EXPOSURE,GRADE and AAGD.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2020094/Fast-fluxdomain name systemdomain name detectionmachine learningdeep learning |
| spellingShingle | Chunyu HAN Yongzheng ZHANG Yu ZHANG Fast-flucos:malicious domain name detection method for Fast-flux based on DNS traffic Tongxin xuebao Fast-flux domain name system domain name detection machine learning deep learning |
| title | Fast-flucos:malicious domain name detection method for Fast-flux based on DNS traffic |
| title_full | Fast-flucos:malicious domain name detection method for Fast-flux based on DNS traffic |
| title_fullStr | Fast-flucos:malicious domain name detection method for Fast-flux based on DNS traffic |
| title_full_unstemmed | Fast-flucos:malicious domain name detection method for Fast-flux based on DNS traffic |
| title_short | Fast-flucos:malicious domain name detection method for Fast-flux based on DNS traffic |
| title_sort | fast flucos malicious domain name detection method for fast flux based on dns traffic |
| topic | Fast-flux domain name system domain name detection machine learning deep learning |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2020094/ |
| work_keys_str_mv | AT chunyuhan fastflucosmaliciousdomainnamedetectionmethodforfastfluxbasedondnstraffic AT yongzhengzhang fastflucosmaliciousdomainnamedetectionmethodforfastfluxbasedondnstraffic AT yuzhang fastflucosmaliciousdomainnamedetectionmethodforfastfluxbasedondnstraffic |