Malicious domain name detection method based on associated information extraction

To improve the accuracy of malicious domain name detection based on the associated information, a detection method combining resolution information and query time was proposed. Firstly, the resolution information was mapped to nodes and edges in a heterogeneous information network, which improved the...

Bibliographic Details
Main Authors: Bin ZHANG, Renjie LIAO
Format: Article
Language: zho
Published: Editorial Department of Journal on Communications 2021-10-01
Series: Tongxin xuebao
Subjects:
Online Access: http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2021181/
Description
Summary: To improve the accuracy of malicious domain name detection based on the associated information, a detection method combining resolution information and query time was proposed. Firstly, the resolution information was mapped to nodes and edges in a heterogeneous information network, which improved the utilization rate. Secondly, considering the problem of high computational complexity in extracting associated information with matrix multiplication, an efficient breadth-first network traversal algorithm based on meta-path was proposed. Then, the query time was used to detect the domain names lacking meta-path information, which improved the coverage rate. Finally, domain names were vectorized by representation learning with adaptive weight. The Euclidean distance between domain name feature vectors was used to quantify the correlation between domain names. Based on the vectors learned above, a supervised classifier was constructed to detect malicious domain names. Theoretical analysis and experimental results show that the proposed method performs well in extracting domain name associated information. The coverage rate and F1 score are 97.7% and 0.951 respectively.
ISSN: 1000-436X