Anomaly domains detection algorithm based on historical data
An anomaly domains detection algorithm was proposed based on domains' historical data. Based on statistical differences in historical data of legitimate domains and malicious domains, the proposed algorithm used domains' lifetime, changes of whois information, whois information integrity, IP changes, doma...
| Main Authors: | Fu-xiang YUAN, Fen-lin LIU, Bin LU, Dao-fu GONG |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: | Editorial Department of Journal on Communications, 2016-10-01 |
| Series: | Tongxin xuebao |
| Subjects: | anomaly domain; domain historical data; feature; detection |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2016208/ |
| _version_ | 1841539562135879680 |
|---|---|
| author | Fu-xiang YUAN Fen-lin LIU Bin LU Dao-fu GONG |
| author_sort | Fu-xiang YUAN |
| collection | DOAJ |
| description | An anomaly domains detection algorithm was proposed based on domains' historical data. Based on statistical differences between the historical data of legitimate domains and malicious domains, the proposed algorithm used domain lifetime, changes in whois information, whois information integrity, IP changes, domains that share the same IP, TTL value, etc., as main parameters, and concrete representations of the features used for classification were given. On this basis, the proposed algorithm constructed an SVM classifier for detecting anomaly domains. Feature analysis and experimental results show that the algorithm obtains high detection accuracy on unknown domains and is especially suitable for detecting long-lived malicious domains. |
| format | Article |
| id | doaj-art-2ffe2e27ea844eb985b16485f0542ec8 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2016-10-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| title | Anomaly domains detection algorithm based on historical data |
| topic | anomaly domain domain historical data feature detection |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2016208/ |