The Design and Implementation of a Covering MDN-Complete-Life-Cycle Malicious Domain Detection Framework

Li-feng REN, Zhao WANG, Xin LIU, Qing-shan LI, Zhong CHEN

Abstract


Malicious domain name (MDN) detection has seen greatly progress in recent years. In this paper, one covering MDN-Complete-Life-Cycle malicious domain name detection framework is proposed. The framework includes three detection models: DGAD-M (Domain Generation Algorithm Detection Model), DIPD-M (Domain IP Detection Model) and DHTD-M (Domain Host Detection Model), corresponding to the process of the malicious domain generation, malicious domain name resolution and the host requesting a domain. DGAD-M bases on the fact that the domains generated by DGA are always short of natural language features, it adopts Convolutional Neural Network. DIPD-M bases on the fact that the IP addresses of the malicious domains are more disperse and updated frequently. DHTD-M bases on the fact that the domains requested by infected hosts are frequently tend to be malicious. The results of DGAD-M and DIPD-M will be used by DHTD-M. The framework got the accuracy rate of 83.652% with the real network flow and found out 115 suspicious malicious domains.

Keywords


Malicious domain detection, Life cycle, Framework


DOI
10.12783/dtcse/cst2017/12545

Full Text:

PDF

Refbacks

  • There are currently no refbacks.