Malicious domain name detection method based on associated information extraction

Cited by: 0
Authors
Zhang B. [1, 2]
Liao R. [1, 2]
Affiliations
[1] Department of Cryptogram Engineering, Information Engineering University, Zhengzhou
[2] He'nan Province Key Laboratory of Information Security, Zhengzhou
Source
Tongxin Xuebao/Journal on Communications | 2021 / Vol. 42 / No. 10
Keywords
Domain name resolution information; Heterogeneous information network; Malicious domain name detection; Query time; Representation learning;
DOI
10.11959/j.issn.1000-436x.2021181
Chinese Library Classification number
G2 [Information and Knowledge Dissemination];
Discipline classification code
05; 0503;
Abstract
To improve the accuracy of malicious domain name detection based on associated information, a detection method combining resolution information and query time was proposed. Firstly, the resolution information was mapped to nodes and edges in a heterogeneous information network, which improved the utilization rate. Secondly, considering the high computational complexity of extracting associated information with matrix multiplication, an efficient breadth-first network traversal algorithm based on meta-paths was proposed. Then, the query time was used to detect the domain names lacking meta-path information, which improved the coverage rate. Finally, domain names were vectorized by representation learning with adaptive weights. The Euclidean distance between domain name feature vectors was used to quantify the correlation between domain names. Based on the vectors learned above, a supervised classifier was constructed to detect malicious domain names. Theoretical analysis and experimental results show that the proposed method performs well in extracting domain name associated information. The coverage rate and F1 score are 97.7% and 0.951 respectively. © 2021, Editorial Board of Journal on Communications. All rights reserved.
Pages: 162-172
Number of pages: 10