• 中国精品科技期刊
  • CCF推荐A类中文期刊
  • 计算领域高质量科技期刊T1类
Advanced Search
Peng Chengwei, Yun Xiaochun, Zhang Yongzheng, Li Shuhao. Detecting Malicious Domains Using Co-Occurrence Relation Between DNS Query[J]. Journal of Computer Research and Development, 2019, 56(6): 1263-1274. DOI: 10.7544/issn1000-1239.2019.20180481
Citation: Peng Chengwei, Yun Xiaochun, Zhang Yongzheng, Li Shuhao. Detecting Malicious Domains Using Co-Occurrence Relation Between DNS Query[J]. Journal of Computer Research and Development, 2019, 56(6): 1263-1274. DOI: 10.7544/issn1000-1239.2019.20180481
shu

Detecting Malicious Domains Using Co-Occurrence Relation Between DNS Query

  • 1(Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190)

  • 2(University of Chinese Academy of Sciences, Beijing 100049)

  • 3(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093)

Funds: This work was supported by the National Key Research and Development Program of China (2016YFB0801502) and the National Natural Science Foundation of China (U1736218).
More Information
  • Published Date: May 31, 2019
    Graphical Abstract
    • Abstract
  • Malicious domains play a vital role in illicit online activities. Effectively detecting the malicious domains can significantly decrease the damage of evil attacks. In this paper, we propose CoDetector, a novel technique to detect malicious domains based on the co-occurrence relationships of domains in DNS (domain name system) queries. We observe that DNS queries are not isolated, whereas co-occur with each other. We base it design on the intuition that domains that tend to co-occur in DNS traffic are strongly associated and are likely to be in the same property (i.e., malicious or benign). Therefore, we first perform coarse-grained clustering of DNS traffic based on the chronological order of DNS queries. The domains co-occurring with each other will be clustered. Then, we design a mapping function that automatically projects every domain into a low-dimensional feature vector while maintaining their co-occurrence relationships. Domains that co-occur with each others are mapped to similar vectors while domains that not co-occur are mapped to distant vectors. Finally, based on the learned feature representations, we train a classifier over a labeled dataset and further apply it to detect unknown malicious domains. We evaluate CoDetector using real-world DNS traffic collected from an enterprise network over two months. The experimental results show that CoDetector can effectively detect malicious domains (91.64% precision and 96.04% recall).
    • FullText(HTML)
    • References (0)
    • Related Articles

  • Related Articles

    [1]Feng Yuhong, Wu Kunhan, Huang Zhihong, Feng Yangzhou, Chen Huanhuan, Bai Jiancong, Ming Zhong. A Set Similarity Self-Join Algorithm with FP-tree and MapReduce[J]. Journal of Computer Research and Development, 2023, 60(12): 2890-2906. DOI: 10.7544/issn1000-1239.202111239
    [2]Xu Yini, Ouyang Dantong, Liu Meng, Zhang Liming, Zhang Yonggang. Algorithm of Computing Minimal Conflict Sets Based on the Structural Feature of Fault Output[J]. Journal of Computer Research and Development, 2018, 55(11): 2386-2394. DOI: 10.7544/issn1000-1239.2018.20170381
    [3]Wang Rongquan, Ouyang Dantong, Wang Yiyuan, Liu Siguang, Zhang Liming. Solving Minimal Hitting Sets Method with SAT Based on DOEC Minimization[J]. Journal of Computer Research and Development, 2018, 55(6): 1273-1281. DOI: 10.7544/issn1000-1239.2018.20160809
    [4]Ouyang Dantong, Zhi Huayun, Liu Bowen, Zhang Liming, Zhang Yonggang. A Method of Computing Minimal Diagnoses Based on Pseudo-Failure-Degree to Create New Enumeration Tree[J]. Journal of Computer Research and Development, 2018, 55(4): 782-790. DOI: 10.7544/issn1000-1239.2018.20170016
    [5]Liu Siguang, Ouyang Dantong, Wang Yiyuan, Jia Fengyu, Zhang Liming. Algorithm of Computing Minimal Hitting Set Based on the Structural Feature of SE-Tree[J]. Journal of Computer Research and Development, 2016, 53(11): 2556-2566. DOI: 10.7544/issn1000-1239.2016.20150396
    [6]Ouyang Dantong, Jia Fengyu, Liu Siguang, Zhang Liming. An Algorithm Based on Extension Rule For Solving #SAT Using Complementary Degree[J]. Journal of Computer Research and Development, 2016, 53(7): 1596-1604. DOI: 10.7544/issn1000-1239.2016.20150032
    [7]Li Shaohua, Feng Qilong, Wang Jianxin, and Chen Jianer. Kernelization for Weighted 3-Set Packing Problem[J]. Journal of Computer Research and Development, 2012, 49(8): 17811-786.
    [8]Hong Yi, Wang Zhaoqi, Zhu Dengming, Qiu Xianjie. Generation of Fire Animation Based on Level-Set[J]. Journal of Computer Research and Development, 2010, 47(11): 1849-1856.
    [9]Ren Jinping and Lü Shuwang. Enumerations and Counting of Orthomorphic Permutations[J]. Journal of Computer Research and Development, 2006, 43(6): 1071-1075.
    [10]Yang Jinji, Su Kaile. Improvement of Local Research in SAT Problem[J]. Journal of Computer Research and Development, 2005, 42(1): 60-65.

  • Cited by

    Periodical cited type(2)

    1. 喻高远,马志强,李俊杰,金先龙. 基于申威异构众核处理器架构的模态并行算法. 振动与冲击. 2022(03): 224-230 .
    2. 聂含伊,杨希,张文喆. 面向多领域的高性能计算机应用综述. 计算机工程与科学. 2018(S1): 145-153 .

    Other cited types(5)

Catalog

    Get Citation
    PDF
    XML
    Article views (1667) PDF downloads (866) Cited by(7)
    Turn off MathJax
    Article Contents
    Abstract
    Related Articles
    Email Alert RSS
    微信订阅号<br/>(实时资讯)

    微信订阅号
    (实时资讯)

    微信服务号<br/>(同步网站)

    微信服务号
    (同步网站)

    微信视频号<br/>(视频分享)

    微信视频号
    (视频分享)

    CCF<br/>(扫码入会)

    CCF
    (扫码入会)

    Copyright © Editorial Department of Computer Research and Development

    Supported by: Beijing Renhe Information Technology Co., Ltd. Baidu Analytics

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return