Peng Chengwei, Yun Xiaochun, Zhang Yongzheng, Li Shuhao. Detecting Malicious Domains Using Co-Occurrence Relation Between DNS Query[J]. Journal of Computer Research and Development, 2019, 56(6): 1263-1274. DOI: 10.7544/issn1000-1239.2019.20180481

Detecting Malicious Domains Using Co-Occurrence Relation Between DNS Query

Funds: This work was supported by the National Key Research and Development Program of China (2016YFB0801502) and the National Natural Science Foundation of China (U1736218).
  • Published Date: May 31, 2019
  • Malicious domains play a vital role in illicit online activities. Effectively detecting malicious domains can significantly decrease the damage caused by attacks. In this paper, we propose CoDetector, a novel technique to detect malicious domains based on the co-occurrence relationships of domains in DNS (domain name system) queries. We observe that DNS queries are not isolated but co-occur with each other. We base its design on the intuition that domains that tend to co-occur in DNS traffic are strongly associated and are likely to share the same property (i.e., malicious or benign). Therefore, we first perform coarse-grained clustering of DNS traffic based on the chronological order of DNS queries, so that domains co-occurring with each other are clustered together. Then, we design a mapping function that automatically projects every domain into a low-dimensional feature vector while maintaining their co-occurrence relationships: domains that co-occur with each other are mapped to similar vectors, while domains that do not co-occur are mapped to distant vectors. Finally, based on the learned feature representations, we train a classifier over a labeled dataset and apply it to detect unknown malicious domains. We evaluate CoDetector using real-world DNS traffic collected from an enterprise network over two months. The experimental results show that CoDetector can effectively detect malicious domains (91.64% precision and 96.04% recall).
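The three stages outlined in the abstract (time-based clustering, co-occurrence vectors, labeling from known domains), as a small added example that is not the authors' code. The query log is constructed, and the 10-second gap rule, the raw co-occurrence count vectors (standing in for the learned low-dimensional mapping) and the nearest-neighbour labeling (standing in for the trained classifier) are assumptions of this sketch.

```python
from collections import defaultdict
from math import sqrt

# Constructed sample log: (timestamp in seconds, client, queried domain).
QUERIES = [
    (0, "10.0.0.5", "news.example"), (1, "10.0.0.5", "cdn.example"),
    (2, "10.0.0.5", "ads.example"), (100, "10.0.0.7", "c2-a.test"),
    (101, "10.0.0.7", "c2-b.test"), (102, "10.0.0.7", "drop.test"),
    (300, "10.0.0.5", "news.example"), (301, "10.0.0.5", "cdn.example"),
    (500, "10.0.0.9", "c2-b.test"), (501, "10.0.0.9", "drop.test"),
    (502, "10.0.0.9", "c2-c.test"),
]

def cluster_by_time(queries, gap=10):
    """Per client, start a new cluster when the pause exceeds `gap` s (assumed rule)."""
    per_client = defaultdict(list)
    for ts, client, domain in sorted(queries):
        per_client[client].append((ts, domain))
    clusters = []
    for events in per_client.values():
        current, last = set(), None
        for ts, domain in events:
            if last is not None and ts - last > gap:
                clusters.append(current)
                current = set()
            current.add(domain)
            last = ts
        clusters.append(current)
    return clusters

def cooccurrence_vectors(clusters):
    """Map each domain to a sparse vector counting its cluster co-members."""
    vec = defaultdict(lambda: defaultdict(int))
    for cluster in clusters:
        for a in cluster:
            for b in cluster:
                vec[a][b] += 1  # a == b included, so direct partners share a dimension
    return vec

def cosine(u, v):
    dot = sum(x * v.get(k, 0) for k, x in u.items())
    norm = sqrt(sum(x * x for x in u.values()) * sum(x * x for x in v.values()))
    return dot / norm if norm else 0.0

def classify(domain, vec, labeled):
    """Give an unknown domain the label of its most similar labeled domain."""
    return labeled[max(labeled, key=lambda d: cosine(vec[domain], vec[d]))]
```

With `news.example` labeled benign and `c2-a.test` labeled malicious, `c2-c.test` is classified malicious even though it never appears in the same cluster as `c2-a.test`: the two share the co-occurring neighbours `c2-b.test` and `drop.test`.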