Journal on Communications (通信学报), 2018, Vol. 39, Issue 7: 15-25. doi: 10.11959/j.issn.1000-436x.2018116
Detecting malicious domain names based on AGD (基于AGD的恶意域名检测)
Xiaodong ZANG 1,2,3, Jian GONG 1,2,3, Xiaoyan HU 1,2,3 (臧小东, 龚俭, 胡晓艳)
Revised: 2018-06-21
Online: 2018-07-01
Published: 2018-08-08
About the authors: Xiaodong ZANG (b. 1985), male, from Jining, Shandong; Ph.D. candidate at Southeast University; research interests: network security, network management. Jian GONG (b. 1957), male, from Shanghai; Ph.D., professor and doctoral supervisor at Southeast University; research interests: network security, network management. Xiaoyan HU (b. 1985), female, from Jinxi, Jiangxi; Ph.D., lecturer at Southeast University; research interests: network architecture, network security.
Abstract: A malicious domain name detection approach that combines clustering and classification is proposed. First, clustering is used to identify domains generated by the same domain generation algorithm (DGA) or a variant of it. Then, for each cluster, features of the algorithmically generated domains (AGDs) are extracted: TTL, the distribution of resolved IP addresses, ownership, whois update status and completeness, and the domain's activity history. An SVM classifier then filters out the malicious domains in each cluster. Experiments show that the method reaches 98.4% accuracy with a 0.9% false-positive rate, without requiring client-side query records.
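The two-stage pipeline the abstract describes, as an added illustration that is not the authors' code or data: stage 1 groups names that look like the output of one generator, stage 2 scores each group's members with a linear SVM over the DNS/whois features the abstract lists. Everything specific here is an assumption: the clustering key (length and digit-ratio buckets of the second-level label) stands in for the paper's DGA clustering, the six-feature encoding stands in for its feature set, the hand-rolled hinge-loss SVM stands in for its SVM classifier, and all records are constructed, not passive-DNS measurements.

```python
"""Two-stage detection sketched in the abstract: cluster AGDs by generator
shape, then filter each cluster with an SVM over DNS/whois features.
Added illustration with constructed data; stdlib only."""
import math
from collections import defaultdict

# Constructed training records (assumed values, not the paper's dataset):
# (domain, ttl_s, n_resolved_ips, n_origin_asns, whois_age_days,
#  whois_complete, active_days, label); label +1 = malicious, -1 = benign
# (random-looking but stable names such as CDN or tracker labels).
TRAIN = [
    ("xk2f9qz7bqv.com",    60, 3, 3,    3, False,   2, +1),
    ("p8wq3mzrt1c.com",   120, 4, 3,    5, False,   3, +1),
    ("bq7zvk2xm9.net",     30, 5, 4,    1, False,   1, +1),
    ("zr4tq8wpl2h.net",    90, 2, 2,    7, False,   4, +1),
    ("m3kx9vq7zpl.com",    60, 6, 5,    2, False,   2, +1),
    ("a1b2c3d4e5f6.com",  3600, 1, 1, 1500, True,  400, -1),
    ("h7k9m2p4q6r8.net", 86400, 2, 1, 2200, True,  700, -1),
    ("t5w7y9z1b3d5.com",  7200, 1, 1,  900, True,  300, -1),
    ("c2e4g6j8l0n2.net", 43200, 2, 1, 3000, True,  900, -1),
]
# Constructed unlabeled records to classify.
UNSEEN = [
    ("qz9xw4kv7tp.com",    45, 4, 4,    2, False,   1),
    ("f4h6k8m0p2s4.com",  3600, 1, 1, 1200, True,  500),
]


def lexical_signature(domain):
    """Stage 1 stand-in (assumption, not the paper's clustering): bucket the
    second-level label by length and digit ratio so names from one DGA or a
    close variant share a key; a real system would use richer lexical features."""
    sld = domain.lower().split(".")[0]
    digit_ratio = sum(c.isdigit() for c in sld) / max(len(sld), 1)
    return (len(sld) // 4, round(digit_ratio * 4) / 4)


def cluster_domains(domains):
    """Group domains by lexical signature -> {signature: [domain, ...]}."""
    clusters = defaultdict(list)
    for d in domains:
        clusters[lexical_signature(d)].append(d)
    return dict(clusters)


def dns_features(rec):
    """Stage 2 features named in the abstract: TTL, resolved-IP distribution
    (IP and AS counts), whois age and completeness, activity history."""
    _, ttl, n_ips, n_asns, age, complete, active, *_ = rec
    return [math.log(ttl), float(n_ips), float(n_asns),
            math.log(age + 1), 1.0 if complete else 0.0, math.log(active + 1)]


class LinearSVM:
    """Primal linear SVM fitted by full-batch subgradient descent on the
    L2-regularised hinge loss over z-scored features (stdlib stand-in for
    the SVM classifier the abstract uses)."""

    def __init__(self, lr=0.05, lam=0.01, epochs=500):
        self.lr, self.lam, self.epochs = lr, lam, epochs

    def _scale(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mean, self.std)]

    def fit(self, X, y):
        n, d = len(X), len(X[0])
        cols = list(zip(*X))
        self.mean = [sum(c) / n for c in cols]
        self.std = [max(math.sqrt(sum((v - m) ** 2 for v in c) / n), 1e-9)
                    for c, m in zip(cols, self.mean)]
        Xs = [self._scale(x) for x in X]
        self.w, self.b = [0.0] * d, 0.0
        for _ in range(self.epochs):
            gw, gb = [self.lam * wj for wj in self.w], 0.0
            for x, t in zip(Xs, y):  # only margin violators contribute
                if t * (sum(wj * xj for wj, xj in zip(self.w, x)) + self.b) < 1:
                    gw = [g - t * xj / n for g, xj in zip(gw, x)]
                    gb -= t / n
            self.w = [wj - self.lr * g for wj, g in zip(self.w, gw)]
            self.b -= self.lr * gb
        return self

    def decision(self, x):
        xs = self._scale(x)
        return sum(wj * xj for wj, xj in zip(self.w, xs)) + self.b

    def predict(self, x):
        return 1 if self.decision(x) > 0 else -1


MODEL = LinearSVM().fit([dns_features(r) for r in TRAIN], [r[-1] for r in TRAIN])


def classify_by_cluster(model, records):
    """Run both stages: cluster the names, then score every member of each
    cluster -> {signature: [(domain, 'malicious' | 'benign'), ...]}."""
    by_domain = {r[0]: r for r in records}
    verdicts = {}
    for sig, doms in cluster_domains(list(by_domain)).items():
        verdicts[sig] = [(d, "malicious" if model.predict(dns_features(by_domain[d])) > 0
                          else "benign") for d in doms]
    return verdicts


if __name__ == "__main__":
    for sig, members in classify_by_cluster(MODEL, UNSEEN).items():
        print(sig, members)
```

Run it directly to see the verdicts grouped by cluster. The point of the abstract survives the simplification: the lexical stage only groups names by generator, and whether a random-looking name is malicious is decided from infrastructure behaviour visible in passive DNS and whois (short TTL, many IPs across many ASes, young and incomplete whois, a brief activity window), which is why no client-side query logs are needed.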
Cite as: Xiaodong ZANG, Jian GONG, Xiaoyan HU. Detecting malicious domain names based on AGD[J]. Journal on Communications, 2018, 39(7): 15-25.