Malicious domain name detection method and detection system based on multi-dimensional features and fuzzy rough set

A fuzzy rough set and domain name detection technology, applied in transmission systems, digital transmission systems, character and pattern recognition, etc., that addresses problems such as low classification accuracy, low generalization of detection models, and the inability to effectively detect malicious domain names, with the effect of improving detection accuracy.

Pending Publication Date: 2022-06-24
NANJING UNIV OF AERONAUTICS & ASTRONAUTICS

AI Technical Summary

Problems solved by technology

Traditional methods mostly extract statistical features from the network, such as average packet size, uploaded / downloaded bytes, etc. However, these features cannot detect all types of malware well, resulting in low classification accuracy. Therefore, later researchers began to extract features from the network traffic itself, such as domain name strings, timestamps, etc. from the application-layer HTTP protocol.
The current Android malware detection scheme based on domain name features cannot effectively detect malicious domain names, and its extraction of DNS domain name features is not comprehensive enough, resulting in low generalization of the detection model, which is easily evaded by new malware.

Examples

Embodiment 1

[0054] See Figure 1. Embodiment 1 provides a malicious domain name detection system based on multi-dimensional features and fuzzy rough sets. The system specifically includes:

[0055] Module 1, the training module, which is divided into feature extraction and model training;

[0056] Specifically, in this embodiment, the above feature extraction includes: extracting multi-dimensional features from domain name information collected from network traffic;

[0057] Specifically, in this embodiment, the above model training includes: adopting the interval training method and using the online incremental fuzzy rough support vector machine algorithm;

[0058] Module 2, the classification module, which classifies the domain name and outputs a label that classifies the input domain name as a malicious domain name or a benign domain name;

[0059] Module 3, the warning module, warns the user according to the label output by the classification module; ...

Embodiment 2

[0080] The second embodiment provides a malicious domain name detection method based on multi-dimensional features and fuzzy rough sets, and the detection method includes the following steps:

[0081] Step S1, perform feature extraction and model training, which includes:

[0082] First, obtain domain name information from network traffic, and then extract multi-dimensional features based on the domain name information. Multi-dimensional features include: structural features, language features, and statistical features;

[0083] Then, for the extracted multi-dimensional features, the interval training method is adopted, and the online incremental fuzzy rough support vector machine algorithm is used for model training;

[0084] Finally, the classification model is obtained;

[0085] Step S2, classifying, which includes:

[0086] For a domain name to be detected, input it into the classification model obtained in step S1 for classification, and the output of the classification...
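An added illustration of the feature-extraction part of step S1 (not code from the patent): the page names three feature families, structural, language and statistical, but does not list the 26 features, so the nine computed below are assumed examples of each family, and all function and key names are hypothetical. The resulting vector is what a classifier such as the one in step S1 would be trained on.

```python
import math
from collections import Counter

VOWELS = set("aeiou")

def shannon_entropy(s):
    """Character-level Shannon entropy in bits; 0.0 for a single repeated character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def longest_run(s, pred):
    """Length of the longest run of consecutive characters satisfying pred."""
    best = cur = 0
    for ch in s:
        cur = cur + 1 if pred(ch) else 0
        best = max(best, cur)
    return best

def extract_features(domain):
    """Group assumed example features under the three families the page names."""
    name = domain.strip().rstrip(".").lower()   # normalise case and a trailing root dot
    labels = name.split(".")
    body = "".join(labels[:-1]) or labels[0]    # characters left of the TLD
    if not body:
        raise ValueError("empty domain name")
    letters = [c for c in body if c.isalpha()]
    return {
        "structural": {
            "length": len(name),
            "label_count": len(labels),
            "max_label_length": max(len(l) for l in labels),
            "hyphen_count": name.count("-"),
        },
        "language": {
            "vowel_ratio": sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0,
            "digit_ratio": sum(c.isdigit() for c in body) / len(body),
            "longest_consonant_run": longest_run(
                body, lambda c: c.isalpha() and c not in VOWELS),
        },
        "statistical": {
            "char_entropy": shannon_entropy(body),
            "unique_char_ratio": len(set(body)) / len(body),
        },
    }

def to_vector(features):
    """Flatten the grouped features into a fixed-order numeric vector for training."""
    return [float(v) for group in ("structural", "language", "statistical")
            for v in features[group].values()]

# Constructed sample input, not data from the page.
sample_vector = to_vector(extract_features("mail.example.com"))
```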

Abstract

The invention discloses a malicious domain name detection method and detection system based on multi-dimensional features and a fuzzy rough set, and provides a new scheme for solving the problems that an existing Android malicious software detection scheme based on domain name features cannot effectively detect malicious domain names and that DNS domain name feature extraction is not comprehensive enough. According to the method, DNS domain name information is analyzed in depth from the angles of structure, language and statistics, a total of 26 features are extracted, the multi-dimensional features used for domain name detection are expanded, the weight of a clustering center is dynamically adjusted by using an online incremental fuzzy rough vector machine algorithm, and finally the detection precision is improved.

Description

Technical field

[0001] The invention relates to the technical field of malicious domain name detection, in particular to a malicious domain name detection method and detection system based on multi-dimensional features and fuzzy rough sets.

Background technique

[0002] With the development of the Internet of Everything, network traffic has also become one of the important ways to detect malware. Most traditional methods extract statistical features from the network, such as average packet size, number of bytes uploaded / downloaded, etc. However, these features cannot detect all types of malware well, resulting in low classification accuracy. Therefore, later researchers began to extract features from the network traffic itself, such as domain name strings, timestamps, etc. based on the HTTP protocol at the application layer. The current Android malware detection scheme based on domain name features has the problems that it cannot effectively detect malicious domain names an...

Application Information

IPC(8): G06K9/62, G06F16/35, H04L9/40, H04L61/4511
CPC: G06F16/353, G06F16/355, H04L63/1416, G06F18/217, G06F18/24137, G06F18/2411, G06F18/214
Inventor: 方黎明, 朱泽升, 恽昕宇
Owner: NANJING UNIV OF AERONAUTICS & ASTRONAUTICS