Detecting malicious domain names based on AGD
A new malicious domain name detection algorithm was proposed.More specifically,the domain names in a cluster belonging to a DGA (domain generation algorithm) or its variants was identified firstly by using cluster correlation.Then,these AGD (algorithmically generated domain) names’ TTL,the distribut...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2018-07-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2018116/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539468932153344 |
|---|---|
| author | Xiaodong ZANG Jian GONG Xiaoyan HU |
| author_facet | Xiaodong ZANG Jian GONG Xiaoyan HU |
| author_sort | Xiaodong ZANG |
| collection | DOAJ |
| description | A new malicious domain name detection algorithm was proposed.More specifically,the domain names in a cluster belonging to a DGA (domain generation algorithm) or its variants was identified firstly by using cluster correlation.Then,these AGD (algorithmically generated domain) names’ TTL,the distribution and attribution of their resolved IP addresses,their whois features and their historical information were extracted and further applied SVM algorithm to identify the malicious domain names.Experimental results demonstrate that it achieves an accuracy rate of 98.4% and the false positive of 0.9% without any client query records. |
| format | Article |
| id | doaj-art-f0a2238f45c14bb7816303e3e82ef2e3 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2018-07-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-f0a2238f45c14bb7816303e3e82ef2e32025-01-14T07:15:02ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2018-07-0139152559719191Detecting malicious domain names based on AGDXiaodong ZANGJian GONGXiaoyan HUA new malicious domain name detection algorithm was proposed.More specifically,the domain names in a cluster belonging to a DGA (domain generation algorithm) or its variants was identified firstly by using cluster correlation.Then,these AGD (algorithmically generated domain) names’ TTL,the distribution and attribution of their resolved IP addresses,their whois features and their historical information were extracted and further applied SVM algorithm to identify the malicious domain names.Experimental results demonstrate that it achieves an accuracy rate of 98.4% and the false positive of 0.9% without any client query records.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2018116/network security monitoringdomain generation algorithmcommand and control serveralgorithmically generated domain |
| spellingShingle | Xiaodong ZANG Jian GONG Xiaoyan HU Detecting malicious domain names based on AGD Tongxin xuebao network security monitoring domain generation algorithm command and control server algorithmically generated domain |
| title | Detecting malicious domain names based on AGD |
| title_full | Detecting malicious domain names based on AGD |
| title_fullStr | Detecting malicious domain names based on AGD |
| title_full_unstemmed | Detecting malicious domain names based on AGD |
| title_short | Detecting malicious domain names based on AGD |
| title_sort | detecting malicious domain names based on agd |
| topic | network security monitoring domain generation algorithm command and control server algorithmically generated domain |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2018116/ |
| work_keys_str_mv | AT xiaodongzang detectingmaliciousdomainnamesbasedonagd AT jiangong detectingmaliciousdomainnamesbasedonagd AT xiaoyanhu detectingmaliciousdomainnamesbasedonagd |