Fast-flucos: malicious domain name detection method for Fast-flux based on DNS traffic |
| |
Authors: | Chunyu HAN, Yongzheng ZHANG, Yu ZHANG |
| |
Affiliation: | 1. College of Computer Science, Nankai University, Tianjin 300071, China; 2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; 3. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China |
| |
Abstract: | Previous Fast-flux domain name detection methods have three weaknesses: stability, targeting, and applicability to common real-world DNS traffic. To address them, a DNS-traffic-based method called Fast-flucos is proposed. First, traffic anomaly filtering and association matching algorithms are used to improve detection stability. Second, three features, quantified geographical width, country list, and time list, are introduced to target Fast-flux domains more precisely. Third, feature extraction is performed on samples better suited to common real-world DNS traffic. Several machine learning algorithms, including deep learning, are compared to determine the best classifier and feature combination. Experiments on real-world DNS traffic show that Fast-flucos achieves a recall of 0.9986, a precision of 0.9767, and a ROC AUC of 0.9929, all better than the current mainstream approaches EXPOSURE, GRADE, and AAGD. |
| |
Keywords: | Fast-flux; domain name system; domain name detection; machine learning; deep learning |
|
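The abstract names the feature families Fast-flucos relies on (quantified geographical width, country list, time list) and the anomaly-filtering step, but not their definitions. The Python below is an added example, not code from the Fast-flucos paper, showing one way such per-domain features can be derived from passive-DNS style answer records and turned into a simple flux score. The feature definitions (geographical width as the number of distinct country/prefix pairs), the anomaly-filter rules, the scoring thresholds, the in-memory GEO_TABLE standing in for a GeoIP database, and the sample records are all this example's own assumptions; the paper's association matching step and its trained classifiers are not reproduced.

```python
"""Toy Fast-flux feature extraction over passive-DNS style answer records.

Added illustration only. The paper's exact feature definitions are not on
the page; geo_width, the anomaly filter and the scoring rule below are this
example's approximations. Records are (timestamp, qname, answer_ip, ttl).
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean

# Constructed stand-in for a GeoIP prefix -> country lookup (assumption:
# a real deployment would query a GeoIP database). 10.0.0.0/8 is used only
# as safe sample data; nothing below depends on it being private space.
GEO_TABLE = {
    ip_network("10.1.0.0/16"): "CN",
    ip_network("10.2.0.0/16"): "US",
    ip_network("10.3.0.0/16"): "DE",
    ip_network("10.4.0.0/16"): "BR",
    ip_network("10.5.0.0/16"): "RU",
}


def country_of(ip: str) -> str:
    """Map an IP literal to a country code via the constructed table."""
    addr = ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return "??"


def prefix_of(ip: str) -> str:
    """Collapse an answer IP to its /24 (IPv4) or /48 (IPv6) prefix."""
    addr = ip_address(ip)
    plen = 24 if addr.version == 4 else 48
    return str(ip_network(f"{ip}/{plen}", strict=False))


def is_valid_record(rec) -> bool:
    """Traffic anomaly filter (this example's stand-in): drop answers that
    cannot be real resolutions so they do not pollute per-domain features."""
    ts, qname, ip, ttl = rec
    if not qname or ts < 0 or ttl < 0:
        return False
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return not (addr.is_loopback or addr.is_unspecified or addr.is_multicast)


@dataclass
class DomainFeatures:
    qname: str
    n_ips: int            # distinct answer IPs
    n_prefixes: int       # distinct /24 or /48 prefixes among the answers
    country_list: list    # sorted distinct countries of the answers
    time_list: list       # sorted distinct observation timestamps
    geo_width: int        # distinct (country, prefix) pairs: this example's quantification
    mean_ttl: float       # mean TTL over all valid answers
    span_s: int           # last observation minus first observation, seconds


def extract_features(records) -> dict:
    """Group valid records by qname and compute one DomainFeatures per domain."""
    by_domain = defaultdict(list)
    for rec in records:
        if is_valid_record(rec):
            by_domain[rec[1]].append(rec)
    feats = {}
    for qname, recs in by_domain.items():
        ips = {r[2] for r in recs}
        times = sorted({r[0] for r in recs})
        feats[qname] = DomainFeatures(
            qname=qname,
            n_ips=len(ips),
            n_prefixes=len({prefix_of(ip) for ip in ips}),
            country_list=sorted({country_of(ip) for ip in ips}),
            time_list=times,
            geo_width=len({(country_of(ip), prefix_of(ip)) for ip in ips}),
            mean_ttl=mean(r[3] for r in recs),
            span_s=times[-1] - times[0],
        )
    return feats


def flux_score(f: DomainFeatures) -> int:
    """Count flux indicators; thresholds are illustrative, not the paper's."""
    hits = 0
    hits += f.n_ips >= 5                  # many distinct answer IPs
    hits += f.geo_width >= 3              # answers spread across countries/prefixes
    hits += len(f.country_list) >= 3      # wide country list
    hits += f.mean_ttl <= 300             # short TTLs force frequent re-resolution
    return int(hits)


def is_fast_flux(f: DomainFeatures, threshold: int = 3) -> bool:
    return flux_score(f) >= threshold


# Constructed sample traffic: a CDN-like benign domain, a flux-like domain,
# and two malformed answers the anomaly filter should drop.
SAMPLE = [
    (1000, "cdn.example.com", "10.2.0.10", 3600),
    (1000, "cdn.example.com", "10.2.0.11", 3600),
    (4600, "cdn.example.com", "10.2.0.10", 3600),
    (1000, "flux.example.net", "10.1.5.1", 60),
    (1000, "flux.example.net", "10.2.7.2", 60),
    (1060, "flux.example.net", "10.3.9.3", 60),
    (1060, "flux.example.net", "10.4.1.4", 60),
    (1120, "flux.example.net", "10.5.2.5", 180),
    (1120, "flux.example.net", "10.1.8.6", 60),
    (1120, "flux.example.net", "10.1.5.1", 60),
    (1180, "bad.example.org", "not-an-ip", 60),
    (1180, "bad.example.org", "10.3.0.1", -5),
]

if __name__ == "__main__":
    for name, f in extract_features(SAMPLE).items():
        print(name, flux_score(f), "flux" if is_fast_flux(f) else "benign", f)
```

The time list is kept as raw timestamps so that a caller can derive IP churn per observation window; the mean TTL and the observation span are the two time-derived scalars the score uses here.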
| Published in: Journal on Communications (通信学报); the original abstract is available from the journal. |
|
|