
Suspicious domain name detection method and system

A domain name detection technology, applied in transmission systems, electrical components, etc., that addresses problems such as high consumption of computer resources, crashes, and failure to automatically update suspicious domain names, and achieves double verification of domain names.

Active Publication Date: 2017-11-17
CHINA UNITED NETWORK COMM GRP CO LTD
6 Cites, 8 Cited by

AI Technical Summary

Problems solved by technology

In sniffing technology, tools such as the network packet analysis software Wireshark, Winpcap, and SRSniffer all have powerful protocol analysis functions, but they serve only as network packet analysis software and cannot perform audit monitoring of DNS packets.
Moreover, these sniffing tools usually analyze each protocol field in the DNS message one by one, which easily consumes a large amount of computer resources, and in a large network environment packet loss or crashes may also occur.
Analysis and restoration technology only audits the DNS data and cannot control illegal activities on the network in a timely and effective manner.
[0005] Suspicious domain name interception systems in the prior art, for example systems based on domain name redirection, process the DNS domain name request packets flowing through the network, forge the response packet, and redirect the DNS domain name to the destination IP addresses so as to block certain domain names, but such a system cannot automatically update suspicious domain names in real time.
[0006] Therefore, existing monitoring and blocking technologies for suspicious domain names use relatively simple methods of analyzing DNS domain names, and have difficulty automatically updating suspicious domain names in real time and blocking them in a timely manner.



Embodiment Construction

[0047] In order to enable those skilled in the art to better understand the technical solution of the present invention, the suspicious domain name detection method and system provided by the present invention will be described in detail below in conjunction with the accompanying drawings.

[0048] Figure 1 is a flowchart of a suspicious domain name detection method provided by Embodiment 1 of the present invention. As shown in the figure, the suspicious domain name detection method includes:

[0049] Step 101. Obtain a first DNS data packet, where the first DNS data packet includes user identification information, a domain name, and a first resolution result corresponding to the domain name.

[0050] Step 102. Generate the support degree of the domain name according to the domain name and the user identification information.

[0051] Step 103. Judge whether the support degree is less than the first set value; if yes, execute step 104; if not, end the process.

[0052] ...


Abstract

The invention discloses a suspicious domain name detection method and system. The suspicious domain name detection method comprises the following steps: obtaining a first DNS data message, wherein the first DNS data message comprises user identification information, a domain name and a first analysis result corresponding to the domain name; generating support degree of the domain name according to the domain name and the user identification information; judging whether the support degree is smaller than a first set value; if judging that the support degree is smaller than the first set value, determining the domain name as a first suspicious domain name; if judging that the domain name is the first suspicious domain name, generating the degree of instability of the first analysis result according to the first analysis result corresponding to the first suspicious domain name; judging whether the degree of instability is larger than a second set value; and if judging that the degree of instability is larger than the second set value, determining the first suspicious domain name as a second suspicious domain name. The suspicious domain name detection method and system realize dual verification of the domain names and realize real-time automatic update and timely interception of the suspicious domain names.
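
The two-stage check described in the abstract, as an added Python example that is not code from the patent. The page gives no formulas for the support degree or the degree of instability, so the definitions used here (share of distinct users querying a domain; fraction of consecutive responses whose IP set changed), the threshold values and the sample records are assumptions.

```python
from collections import defaultdict

# Constructed sample records: (user_id, domain, resolved IPs) taken from DNS responses.
SAMPLE = [
    ("u1", "intranet.example", ("10.0.0.5",)),
    ("u2", "intranet.example", ("10.0.0.5",)),
    ("u3", "intranet.example", ("10.0.0.5",)),
    ("u4", "intranet.example", ("10.0.0.5",)),
    ("u1", "cdn-rare.example", ("192.0.2.10",)),
    ("u1", "cdn-rare.example", ("192.0.2.10",)),
    ("u2", "x9k2.example", ("198.51.100.1",)),
    ("u2", "x9k2.example", ("198.51.100.77",)),
    ("u2", "x9k2.example", ("203.0.113.9",)),
]

def support(records):
    """Assumed definition: share of distinct users that queried each domain."""
    users_by_domain = defaultdict(set)
    all_users = set()
    for user, domain, _ in records:
        users_by_domain[domain].add(user)
        all_users.add(user)
    return {d: len(u) / len(all_users) for d, u in users_by_domain.items()}

def instability(records, domain):
    """Assumed definition: fraction of consecutive responses whose IP set changed."""
    answers = [frozenset(ips) for _, d, ips in records if d == domain]
    if len(answers) < 2:
        return 0.0  # a single response cannot show any change
    changes = sum(a != b for a, b in zip(answers, answers[1:]))
    return changes / (len(answers) - 1)

def detect(records, first_set_value=0.5, second_set_value=0.5):
    """Stage 1: low support -> first suspicious; stage 2: high instability -> second suspicious."""
    first = sorted(d for d, s in support(records).items() if s < first_set_value)
    second = [d for d in first if instability(records, d) > second_set_value]
    return first, second

if __name__ == "__main__":
    print(detect(SAMPLE))
```

The rarely queried but stable domain passes only the first stage, which is the false positive the second verification is meant to filter out.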

Description

Technical field

[0001] The invention relates to the technical field of domain name resolution, in particular to a suspicious domain name detection method and system.

Background technique

[0002] At present, most of the viruses on the enterprise network enter the enterprise internal network through email or web browsing. Spam and various malicious links often easily cause congestion and paralysis of the enterprise network, and even cause system crashes, resulting in huge and irreparable loss. Therefore, the security of the enterprise Internet is extremely important to the enterprise.

[0003] The Domain Name System (DNS for short) is a set of mapping mechanisms that provide the correspondence between network domain names and IP addresses in the network. The client usually realizes the query from the domain name to the IP address by exchanging DNS query messages and response messages with the server, and most web services also obtain IP addresses through domain name resolutio...


Application Information

IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1466, H04L61/4511
Inventor: 任思颖
Owner: CHINA UNITED NETWORK COMM GRP CO LTD