Journal on Communications ›› 2020, Vol. 41 ›› Issue (5): 37-47.doi: 10.11959/j.issn.1000-436x.2020094


Fast-flucos: malicious domain name detection method for Fast-flux based on DNS traffic

Chunyu HAN 1,2, Yongzheng ZHANG 2,3, Yu ZHANG 1

  1 College of Computer Science, Nankai University, Tianjin 300071, China
  2 Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  3 School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
  • Revised: 2020-04-22  Online: 2020-05-25  Published: 2020-05-30
  • Supported by:
    The National Natural Science Foundation of China (U1736218); Beijing Municipal Science & Technology Commission Project (Z191100007119005)

Abstract:

Previous Fast-flux domain name detection methods have three weaknesses: unstable detection, weak targeting of Fast-flux domains specifically, and poor applicability to ordinary real-world DNS traffic. To address them, a DNS-traffic-based method called Fast-flucos is proposed. First, traffic anomaly filtering and association matching algorithms are used to improve detection stability. Second, three features, quantified geographical width, country list and time list, are applied to target Fast-flux domains more precisely. Third, feature extraction is performed on samples better suited to ordinary real-world DNS traffic. Several machine learning algorithms, including deep learning, are compared to determine the best classifier and feature combination. Experiments on real-world DNS traffic show that Fast-flucos achieves a recall of 0.9986, a precision of 0.9767 and a ROC AUC of 0.9929, all higher than current mainstream approaches such as EXPOSURE, GRADE and AAGD.
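To make the feature families named in the abstract concrete, the following is an added illustration (not the authors' code, and not their exact feature definitions) of how per-domain Fast-flux features can be extracted from passive DNS A-record observations. The sample records, the prefix-to-country table standing in for a GeoIP database, and the threshold rule in flag_fast_flux are all constructed assumptions for the example; the paper itself trains machine learning classifiers rather than applying fixed thresholds.

```python
"""Toy Fast-flux feature extraction from passive DNS records (added example).

Assumed stand-ins for the abstract's feature families:
  geo_width     -> number of distinct countries among a domain's A records
  country_list  -> sorted list of those countries
  time_list     -> sorted list of observation windows in which the domain was seen
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean

# Constructed sample of DNS A-record responses: (unix_time, qname, rdata, ttl).
# "cdn.example.com" behaves like a stable CDN; "update.badflux.test" rotates
# through many hosts in many networks with short TTLs, the classic flux pattern.
SAMPLE_RECORDS = [
    (1588000000, "cdn.example.com", "198.51.100.10", 3600),
    (1588003600, "cdn.example.com", "198.51.100.11", 3600),
    (1588007200, "cdn.example.com", "198.51.100.10", 3600),
    (1588000000, "update.badflux.test", "203.0.113.5", 180),
    (1588000300, "update.badflux.test", "192.0.2.77", 180),
    (1588000600, "update.badflux.test", "198.18.4.9", 120),
    (1588000900, "update.badflux.test", "203.0.113.200", 300),
    (1588001200, "update.badflux.test", "192.0.2.130", 180),
    (1588001500, "update.badflux.test", "198.18.200.1", 60),
]

# Assumed stand-in for a GeoIP database: /24 prefix -> ISO country code.
GEO_BY_PREFIX = {
    "198.51.100.0/24": "US",
    "203.0.113.0/24": "DE",
    "192.0.2.0/24": "BR",
    "198.18.4.0/24": "KR",
    "198.18.200.0/24": "RU",
}


def country_of(ip, geo=GEO_BY_PREFIX):
    """Map an IP to a country via the assumed prefix table; '??' if unknown."""
    addr = ip_address(ip)
    for prefix, cc in geo.items():
        if addr in ip_network(prefix):
            return cc
    return "??"


def extract_features(records=SAMPLE_RECORDS, geo=GEO_BY_PREFIX, bucket=3600):
    """Aggregate A-record observations per domain into a feature dict."""
    by_domain = defaultdict(list)
    for ts, qname, rdata, ttl in records:
        by_domain[qname].append((ts, rdata, ttl))

    features = {}
    for qname, rows in by_domain.items():
        ips = {rdata for _, rdata, _ in rows}
        # Distinct /24 networks: flux hosts are spread across many networks.
        prefixes = {str(ip_network(f"{ip}/24", strict=False)) for ip in ips}
        countries = sorted({country_of(ip, geo) for ip in ips})
        # Observation windows (hour buckets) in which the domain was seen.
        buckets = sorted({ts // bucket for ts, _, _ in rows})
        features[qname] = {
            "unique_ips": len(ips),
            "unique_prefixes": len(prefixes),
            "geo_width": len(countries),
            "country_list": countries,
            "mean_ttl": mean(ttl for _, _, ttl in rows),
            "time_list": buckets,
            # How many distinct hosts appear per observation window.
            "ips_per_bucket": len(ips) / len(buckets),
        }
    return features


def flag_fast_flux(features, min_ips=5, min_geo_width=3, max_mean_ttl=300):
    """Illustrative threshold rule (assumed; the paper uses trained classifiers)."""
    return sorted(
        qname
        for qname, f in features.items()
        if f["unique_ips"] >= min_ips
        and f["geo_width"] >= min_geo_width
        and f["mean_ttl"] <= max_mean_ttl
    )


if __name__ == "__main__":
    feats = extract_features()
    for qname, f in feats.items():
        print(qname, f)
    print("flagged:", flag_fast_flux(feats))
```

In practice the prefix table would be replaced by a real GeoIP/ASN lookup, the records would come from a passive DNS collector rather than an inline list, and the feature dicts would be fed to the classifier rather than to a threshold rule; the point of the example is only to show what "geographical width", "country list" and "time list" features look like when computed from raw resolutions.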

Key words: Fast-flux, domain name system, domain name detection, machine learning, deep learning
