• 中国精品科技期刊
  • CCF推荐A类中文期刊
  • 计算领域高质量科技期刊T1类
Advanced Search
Peng Chengwei, Yun Xiaochun, Zhang Yongzheng, Li Shuhao. Detecting Malicious Domains Using Co-Occurrence Relation Between DNS Query[J]. Journal of Computer Research and Development, 2019, 56(6): 1263-1274. DOI: 10.7544/issn1000-1239.2019.20180481
Citation: Peng Chengwei, Yun Xiaochun, Zhang Yongzheng, Li Shuhao. Detecting Malicious Domains Using Co-Occurrence Relation Between DNS Query[J]. Journal of Computer Research and Development, 2019, 56(6): 1263-1274. DOI: 10.7544/issn1000-1239.2019.20180481
shu

Detecting Malicious Domains Using Co-Occurrence Relation Between DNS Query

  • 1(Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190)

  • 2(University of Chinese Academy of Sciences, Beijing 100049)

  • 3(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093)

Funds: This work was supported by the National Key Research and Development Program of China (2016YFB0801502) and the National Natural Science Foundation of China (U1736218).
More Information
  • Published Date: May 31, 2019
    Graphical Abstract
    • Abstract
  • Malicious domains play a vital role in illicit online activities. Effectively detecting the malicious domains can significantly decrease the damage of evil attacks. In this paper, we propose CoDetector, a novel technique to detect malicious domains based on the co-occurrence relationships of domains in DNS (domain name system) queries. We observe that DNS queries are not isolated, whereas co-occur with each other. We base it design on the intuition that domains that tend to co-occur in DNS traffic are strongly associated and are likely to be in the same property (i.e., malicious or benign). Therefore, we first perform coarse-grained clustering of DNS traffic based on the chronological order of DNS queries. The domains co-occurring with each other will be clustered. Then, we design a mapping function that automatically projects every domain into a low-dimensional feature vector while maintaining their co-occurrence relationships. Domains that co-occur with each others are mapped to similar vectors while domains that not co-occur are mapped to distant vectors. Finally, based on the learned feature representations, we train a classifier over a labeled dataset and further apply it to detect unknown malicious domains. We evaluate CoDetector using real-world DNS traffic collected from an enterprise network over two months. The experimental results show that CoDetector can effectively detect malicious domains (91.64% precision and 96.04% recall).
    • FullText(HTML)
    • References (0)
    • Related Articles

  • Related Articles

    [1]Wang Chuang, Ding Yan, Huang Chenlin, Song Liantao. Bitsliced Optimization of SM4 Algorithm with the SIMD Instruction Set[J]. Journal of Computer Research and Development, 2024, 61(8): 2097-2109. DOI: 10.7544/issn1000-1239.202220531
    [2]Li Maowen, Qu Guoyuan, Wei Dazhou, Jia Haipeng. Performance Optimization of Neural Network Convolution Based on GPU Platform[J]. Journal of Computer Research and Development, 2022, 59(6): 1181-1191. DOI: 10.7544/issn1000-1239.20200985
    [3]Shen Jie, Long Biao, Jiang Hao, Huang Chun. Implementation and Optimization of Vector Trigonometric Functions on Phytium Processors[J]. Journal of Computer Research and Development, 2020, 57(12): 2610-2620. DOI: 10.7544/issn1000-1239.2020.20190721
    [4]Zhang Jun, Xie Jingcheng, Shen Fanfan, Tan Hai, Wang Lümeng, He Yanxiang. Performance Optimization of Cache Subsystem in General Purpose Graphics Processing Units: A Survey[J]. Journal of Computer Research and Development, 2020, 57(6): 1191-1207. DOI: 10.7544/issn1000-1239.2020.20200113
    [5]Sun Chang’ai, Wang Zhen, Pan Lin. Optimized Mutation Testing Techniques for WS-BPEL Programs[J]. Journal of Computer Research and Development, 2019, 56(4): 895-905. DOI: 10.7544/issn1000-1239.2019.20180037
    [6]Liu Song, Wu Weiguo, Zhao Bo, Jiang Qing. Loop Tiling for Optimization of Locality and Parallelism[J]. Journal of Computer Research and Development, 2015, 52(5): 1160-1176. DOI: 10.7544/issn1000-1239.2015.20131387
    [7]Wang Yongxian, Zhang Lilun, Che Yonggang, Xu Chuanfu, Liu Wei, Cheng Xinghua. Heterogeneous Computing and Optimization on Tianhe-2,Supercomputer System for High-Order Accurate CFD Applications[J]. Journal of Computer Research and Development, 2015, 52(4): 833-842. DOI: 10.7544/issn1000-1239.2015.20131922
    [8]Gu Rong, Yan Jinshuang, Yang Xiaoliang, Yuan Chunfeng, and Huang Yihua. Performance Optimization for Short Job Execution in Hadoop MapReduce[J]. Journal of Computer Research and Development, 2014, 51(6): 1270-1280.
    [9]Luo Hongbing, Zhang Xiaoxia, Wang Wei, and Wu Linping. Instruction Level Parallel Optimizing for Scientific Computing Application[J]. Journal of Computer Research and Development, 2014, 51(6): 1263-1269.
    [10]Li Lei, Niu Chunlei, Chen Ningjiang, Wei Jun. A High-Performance Strategy for Optimizing Web Services[J]. Journal of Computer Research and Development, 2007, 44(7): 1191-1198.

  • Cited by

    Periodical cited type(5)

    1. 郭炜杰,包晓安. 基于Ajax的智能终端一次性口令身份认证仿真. 计算机仿真. 2023(07): 176-179 .
    2. 罗娟,章翠君,王纯. 基于众包的多楼层定位方法. 计算机研究与发展. 2022(02): 452-462 . 本站查看
    3. 胡美慧,向志威. 基于离散余弦变换的电力营销系统客户权限自动识别方法. 自动化技术与应用. 2022(05): 125-129 .
    4. 赵鹏飞. 港口身份智能识别系统设计与实现. 舰船科学技术. 2021(14): 202-204 .
    5. 倪志文,马小虎,孙霄,边丽娜. 结合显式和隐式特征交互的深度融合模型. 计算机工程. 2020(03): 87-92+98 .

    Other cited types(9)

Catalog

    Get Citation
    PDF
    XML
    Article views (1667) PDF downloads (866) Cited by(14)
    Turn off MathJax
    Article Contents
    Abstract
    Related Articles
    Email Alert RSS
    微信订阅号<br/>(实时资讯)

    微信订阅号
    (实时资讯)

    微信服务号<br/>(同步网站)

    微信服务号
    (同步网站)

    微信视频号<br/>(视频分享)

    微信视频号
    (视频分享)

    CCF<br/>(扫码入会)

    CCF
    (扫码入会)

    Copyright © Editorial Department of Computer Research and Development

    Supported by: Beijing Renhe Information Technology Co., Ltd. Baidu Analytics

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return