| With the development of modern society,the dependence on the internet continues to grow,the issue of cyber security has become one of the most important issues in maintaining the stability of today’s society.When people use the Internet,they often use domain names to make resource queries.It has been found by research that a large number of malicious domain names are used in phishing software,malicious websites and malware.As one of the important factors threatening the current network security,the detection of malicious domain names is an important tool to maintain the security of the network environment.Currently,there are numerous detection methods for malicious domain names,and some detection methods focus on detection accuracy while ignoring the impact of feature design on detection results.The versatility of attack methods leads to reliance on feature extraction and classification algorithms that cannot cope with the endless types of domain names,making it difficult to mine for deep-seated malicious domain names.To address the above issues,the work in this paper is as follows.A malicious domain name detection method based on feature diversification is proposed.In terms of data processing,the domain name is first subjected to a subword formatting operation to transform the domain name into the same style,which facilitates subsequent feature extraction.In terms of feature design,the number of features extracted is reduced by considering the possibility of redundant features,observing and analyzing the distribution of different features,and selecting the features with large distribution differences as detection features.The experimental results show that the method reduces the computational complexity of detection and solves the memory overhead problem under the condition that the detection accuracy is guaranteed to be 95%.A deep domain name detection method based on knowledge graph is proposed.Combining the data generated by domain names in the process of resolution access,the entities used to build the domain name knowledge graph are extracted from domain names,IP addresses,and resolution records,and the relationships are extracted for the connections existing between the entities,and the extracted entities and relationships are stored using the Neo4 j graph database,and then the graphbased inference algorithm is run on the domain name knowledge graph to determine the attributes of unknown domain names by calculating the closeness between the unknown domain names and the known attributes in the graph domain name’s closeness to determine the attributes of the unknown domain name.Through experimental analysis,it is found that the method in this paper maintains good detection performance in the case of different sample sets,and the method has certain stability.Comparing the method with common domain name detection methods,the advantage of the method in terms of accuracy is verified,and it is found by comparing the detection results that the method can effectively identify previously undetected malicious domain names and achieve the mining of deeper hidden malicious domain names. |
PDF Full Text Request