Detecting malicious domain names based on AGD


Bibliographic Details
Main Authors: Xiaodong ZANG, Jian GONG, Xiaoyan HU
Format: Article
Language: Chinese (zho)
Published: Editorial Department of Journal on Communications 2018-07-01
Series: Tongxin xuebao (Journal on Communications)
Subjects:
Online Access:http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2018116/
Description
Summary: A new malicious domain name detection algorithm was proposed. More specifically, the domain names in a cluster belonging to a DGA (domain generation algorithm) or one of its variants were first identified using cluster correlation. Then, for these AGD (algorithmically generated domain) names, the TTL, the distribution and attribution of their resolved IP addresses, their WHOIS features and their historical information were extracted, and an SVM algorithm was then applied to these features to identify the malicious domain names. Experimental results demonstrate that the approach achieves an accuracy rate of 98.4% and a false positive rate of 0.9% without requiring any client query records.
ISSN: 1000-436X