Peng Chengwei, Yun Xiaochun, Zhang Yongzheng, Li Shuhao. Detecting Malicious Domains Using Co-Occurrence Relation Between DNS Query[J]. Journal of Computer Research and Development, 2019, 56(6): 1263-1274. DOI: 10.7544/issn1000-1239.2019.20180481

Detecting Malicious Domains Using Co-Occurrence Relation Between DNS Query

Funds: This work was supported by the National Key Research and Development Program of China (2016YFB0801502) and the National Natural Science Foundation of China (U1736218).
  • Published Date: May 31, 2019
  • Malicious domains play a vital role in illicit online activities. Effectively detecting malicious domains can significantly reduce the damage caused by attacks. In this paper, we propose CoDetector, a novel technique to detect malicious domains based on the co-occurrence relationships of domains in DNS (domain name system) queries. We observe that DNS queries are not isolated but co-occur with each other. We base its design on the intuition that domains that tend to co-occur in DNS traffic are strongly associated and are likely to share the same property (i.e., malicious or benign). Therefore, we first perform coarse-grained clustering of DNS traffic based on the chronological order of DNS queries, so that domains co-occurring with each other are clustered together. Then, we design a mapping function that automatically projects every domain into a low-dimensional feature vector while maintaining their co-occurrence relationships: domains that co-occur with each other are mapped to similar vectors, while domains that do not co-occur are mapped to distant vectors. Finally, based on the learned feature representations, we train a classifier over a labeled dataset and apply it to detect unknown malicious domains. We evaluate CoDetector using real-world DNS traffic collected from an enterprise network over two months. The experimental results show that CoDetector can effectively detect malicious domains (91.64% precision and 96.04% recall).
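
The three stages the abstract describes (chronological clustering, co-occurrence-preserving vectors, classification from labeled domains), as an added example that is not the authors' CoDetector code. The page does not give the mapping function or the classifier, so this example substitutes a session-incidence vector with cosine similarity and a similarity-weighted vote; the log lines, seed labels, 5-second gap and function names are all constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed sample DNS log: (timestamp_seconds, client_ip, queried_domain).
QUERIES = [
    (0.0, "10.0.0.5", "www.shop.example"), (0.4, "10.0.0.5", "cdn.shop.example"),
    (0.9, "10.0.0.5", "img.shop.example"), (60.0, "10.0.0.5", "www.shop.example"),
    (60.3, "10.0.0.5", "cdn.shop.example"), (60.8, "10.0.0.5", "pay.shop.example"),
    (5.0, "10.0.0.9", "update.bad.example"), (5.2, "10.0.0.9", "c2.bad.example"),
    (5.9, "10.0.0.9", "drop.bad.example"), (90.0, "10.0.0.9", "c2.bad.example"),
    (90.5, "10.0.0.9", "exfil.bad.example"), (200.0, "10.0.0.9", "lonely.example"),
]
# Constructed seed labels standing in for the labeled training set.
LABELS = {"www.shop.example": "benign", "cdn.shop.example": "benign",
          "c2.bad.example": "malicious", "update.bad.example": "malicious"}

def sessionize(queries, gap=5.0):
    """Stage 1: per client, cut the time-ordered query stream wherever the gap exceeds `gap`."""
    by_client = defaultdict(list)
    for ts, client, domain in sorted(queries):
        by_client[client].append((ts, domain))
    sessions = []
    for rows in by_client.values():
        current, last_ts = set(), None
        for ts, domain in rows:
            if last_ts is not None and ts - last_ts > gap:
                sessions.append(current)
                current = set()
            current.add(domain)
            last_ts = ts
        sessions.append(current)
    return sessions

def vectors(sessions):
    """Stage 2 (substitute mapping): a domain's vector is the set of sessions it appears in."""
    vec = defaultdict(set)
    for idx, members in enumerate(sessions):
        for domain in members:
            vec[domain].add(idx)
    return vec

def cosine(a, b):
    """Cosine similarity of two binary session-incidence vectors stored as sets."""
    return len(a & b) / math.sqrt(len(a) * len(b))

def classify(queries, labels, gap=5.0):
    """Stage 3: similarity-weighted vote of labeled domains; no shared session means 'unknown'."""
    vec = vectors(sessionize(queries, gap))
    verdicts = {}
    for domain, v in vec.items():
        if domain not in labels:
            score = sum(cosine(v, vec[k]) * (1 if lab == "malicious" else -1)
                        for k, lab in labels.items() if k in vec)
            verdicts[domain] = "malicious" if score > 0 else "benign" if score < 0 else "unknown"
    return verdicts
```

A domain that never shares a session with a labeled domain (`lonely.example` in the sample) gets no verdict rather than a default one, which is the case where co-occurrence evidence alone cannot decide.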