A method of detecting DGA domain names

A method for detecting DGA domain names, applied in the field of Internet security, that addresses the problem of high false positives and achieves low false positives and flexible features.

Active Publication Date: 2022-07-19
上海斗象信息科技有限公司

AI Technical Summary

Problems solved by technology

[0003] At present, security products mostly detect based on domain names, extracting the features of the domain name for detection. In practical applications, however, this produces a high number of false positives: many normal domain names, such as Chinese pinyin domain names and normal super-long domain names, are detected as DGA domain names.


Embodiment Construction

[0046] The specific embodiments of the present invention are described in more detail below with reference to the schematic diagrams. The advantages and features of the present invention will become more apparent from the following description. It should be noted that the accompanying drawings are all in a very simplified form and are not drawn to precise scale; they are used only to conveniently and clearly assist in explaining the embodiments of the present invention.

[0047] In the following, if a method described herein includes a series of steps, the order of the steps presented herein is not necessarily the only order in which the steps may be performed; some of the steps described may be omitted, and/or additional steps not described herein may be added to the method.

[0048] At present, most security products detect based on domain names, extracting their features for detection. However, there will be a problem of high false positives in pra...


Abstract

The invention relates to a method for detecting a DGA domain name, comprising the following steps: establishing a DGA domain name detection model and a DGA family detection model; collecting the DNS protocol data to be detected and extracting the domain names to be detected from it; normalizing the extracted features; importing the normalized features into the DGA domain name detection model and the DGA family detection model to obtain, for each detected domain name, the probability that it is a DGA domain name and the probability that it belongs to a DGA family; continuing to examine each detected domain name and, according to the probability that it is a DGA domain name and the number of features, obtaining the detected domain names that are DGA domain names, and likewise obtaining the domain names that belong to a DGA family; and displaying the DGA domain names and the domain names that belong to a DGA family. The detection process therefore has the advantages of flexible features, low false positives, low maintenance costs, and a high detection rate for new variants.

Description

Technical field

[0001] The invention relates to the technical field of Internet security, in particular to a method for detecting a DGA domain name.

Background technique

[0002] DGA (Domain Name Generation Algorithm) is a technique that uses random characters to generate C&C domain names, thereby evading domain name blacklist detection. For example, if a process attempts to establish a connection to xeogrhxquuubt.com, a DGA-generated domain created by Cryptolocker, the machine making the attempt could be infected with the Cryptolocker ransomware virus. Domain blacklists are often used to detect and block connections to these domains, but they are not effective against a constantly updated DGA algorithm.

[0003] At present, most security products detect based on domain names, extracting their features for detection. However, there will be a problem of high false positives in practical applications. Many normal domain names will be detected, such as Chinese pinyin domain ...
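The false-positive problem described in [0003], shown with name-only lexical features followed by a normalization step like the one the abstract mentions. This is an added example, not code from the patent: the feature set, the min-max scaling, the thresholds and the `.example` sample domains are assumptions constructed for illustration; only `xeogrhxquuubt.com` comes from the text above.

```python
import math
from collections import Counter

VOWELS = set("aeiou")

def label_of(domain):
    """Label left of the TLD (simplification: assumes a single-label TLD)."""
    return domain.lower().rstrip(".").split(".")[-2]

def entropy(s):
    """Shannon entropy of the character distribution, in bits."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def max_consonant_run(s):
    best = run = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def features(domain):
    s = label_of(domain)
    return {"length": len(s), "entropy": entropy(s),
            "vowel_ratio": sum(ch in VOWELS for ch in s) / len(s),
            "max_consonant_run": max_consonant_run(s)}

def min_max_normalize(rows):
    """Scale every feature to [0, 1] across the batch (assumed normalization)."""
    keys = list(rows[0])
    lo = {k: min(r[k] for r in rows) for k in keys}
    hi = {k: max(r[k] for r in rows) for k in keys}
    return [{k: (r[k] - lo[k]) / (hi[k] - lo[k]) if hi[k] > lo[k] else 0.0
             for k in keys} for r in rows]

def naive_is_dga(f, min_len=12, min_entropy=2.9):
    """Name-only rule of the kind [0003] criticises; thresholds are illustrative."""
    return f["length"] >= min_len and f["entropy"] >= min_entropy

SAMPLES = [
    "xeogrhxquuubt.com",                       # DGA domain quoted in [0002]
    "zhongguoyinhang.example",                 # constructed pinyin-style name
    "nationalweatherforecastservice.example",  # constructed very long name
    "mail.example",                            # constructed short name
]

def naive_verdicts():
    return {d: naive_is_dga(features(d)) for d in SAMPLES}

if __name__ == "__main__":
    for d, row in zip(SAMPLES, min_max_normalize([features(d) for d in SAMPLES])):
        print(d, naive_verdicts()[d], {k: round(v, 2) for k, v in row.items()})
```

The pinyin-style and long names score as high as the DGA sample on length and entropy, so the name-only rule flags all three.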

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L61/4511, H04L41/14
CPC: H04L63/1416, H04L63/0236, H04L41/145, H04L61/4511
Inventor: 徐钟豪陈伟谢忱
Owner: 上海斗象信息科技有限公司