Abstract: Attackers use the domain names to carry out various kinds of network attacks flexibly. Many scholars have put forward some malicious domain name detection methods based on statistical characteristics and association relationship. However, the two methods have shortcomings in the representation of higher-order relationship of domain name attributes, and cannot accurately present the global higher-order relationship between domains. To solve these problems, a malicious domain name detection method based on embedded feature hypergraph learning is proposed. Firstly, the domain name hypergraph structure is constructed by decision tree based on domain name spatial statistical characteristics. The output of the penultimate node of the decision tree is used as a priori condition to form a hyperedge, and the multi-order correlation between domain name traffic is quickly and clearly represented. Secondly, the character embedding features are enhanced based on the hypergraph structure features, and the hidden higher-order relationships between characters are mined from the domain name data based on the statistical characteristics of domain name space and the encoding characteristics of domain name character embedding. Finally, combined with the real domain name system traffic of China Science and Technology network, the validity and feasibility are analyzed and evaluated, which can quickly and efficiently detect hidden malicious domain names.