
Research And Implementation Of Bot Domain Detection Based On Network Traffic

Posted on: 2021-05-30
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Guo
GTID: 2518306308978129
Subject: Computer technology
Abstract/Summary:
Botnets endanger network security. The emergence of fast-flux and domain-flux technologies has greatly improved their robustness and made botnets more difficult to detect. Existing detection methods have many shortcomings, so detecting fast-flux and domain-flux domains is an urgent problem. Existing detection methods can be divided into active detection, passive detection and comprehensive detection. We investigated the state of research at home and abroad and found that these methods have problems such as false positives for CDN domains. This paper therefore studies and designs a detection method to solve these problems. The method consists of two parts: a detection method based on ensemble learning, and a detection method based on abnormal attribute combinations. For fast-flux detection, we use only Ada-Boosting. For domain-flux detection, we first apply the attribute-combination method and then use Ada-Boosting to produce the final results. This paper then implements both detection methods, and experiments are designed to compare and analyze their detection performance. The experiments show that the features and methods proposed in this paper can effectively reduce the false positive rate for CDN domains and greatly improve overall detection performance. They also show that the proposed domain-flux detection method can reduce false positives for normal domain names under real network traffic. Finally, we introduce the domain detection system, which has been put into practical use.
Keywords/Search Tags: bot-net, fast-flux, domain-flux, ensemble-learning, DNS