Malicious Domain Names Detection Algorithm Based on Lexical Analysis and Feature Quantification

doi:10.1109/ACCESS.2019.2940554

	Malicious Domain Names Detection Algorithm Based on Lexical Analysis and Feature Quantification
	Zhao, Hong 2; Chang, Zhaobin 2; Wang, Weijie 2; Zeng, Xiangyan 1
刊名	IEEE ACCESS
	2019
卷号	7 页码:128990-128999
关键词	Malicious domain names N-gram domain name substring edit distance reputation value
ISSN号	2169-3536
DOI	10.1109/ACCESS.2019.2940554
英文摘要	Malicious domain names usually refer to a series of illegal activities, posing threats to people's privacy and property. Therefore, the problem of detecting malicious domain names has aroused widespread concerns. In this study, a malicious domain names detection algorithm based on lexical analysis and feature quantification is proposed. To achieve efficient and accurate detection, the method includes two phases. The first phase checks an observed domain name against a blacklist of known malicious uniform resource locator (URLs). The observed domain name is classified as being definitely malicious or potentially malicious based on its edit distances to the domain names on the blacklist. The second phase further evaluates a potential malicious domain name by its reputation value that represents its lexical feature and is calculated based on an N-gram model. The top 100,000 normal domain names in Alexa are used to obtain a whitelist substring set using the N-gram method in which each domain name excluding the top-level domain is segmented into substrings with the length of 3, 4, 5, 6 and 7. The weighted values of the substrings are calculated according to their occurrence counts in the whitelist substring set. A potential malicious domain name is segmented by the N-gram method and its reputation value is calculated based on the weighted values of its substrings. Finally, the potential malicious domain name is determined to be malicious or normal based on its reputation value. The effectiveness of the proposed detection method has been demonstrated by experiments on public available data.
资助项目	Gansu Science Foundation of China[18JR3RA156]
WOS研究方向	Computer Science ; Engineering ; Telecommunications
语种	英语
出版者	IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
WOS记录号	WOS:000487233800068
状态	已发表
内容类型	期刊论文
源URL	[http://119.78.100.223/handle/2XXMBERH/32246]
专题	计算机与通信学院
通讯作者	Chang, Zhaobin
作者单位	1.Ft Valley State Univ, Dept Math & Comp Sci, Ft Valley, GA 31030 USA 2.Lanzhou Univ Technol, Sch Comp & Commun, Lanzhou 730050, Gansu, Peoples R China
推荐引用方式 GB/T 7714	Zhao, Hong,Chang, Zhaobin,Wang, Weijie,et al. Malicious Domain Names Detection Algorithm Based on Lexical Analysis and Feature Quantification[J]. IEEE ACCESS,2019,7:128990-128999.
APA	Zhao, Hong,Chang, Zhaobin,Wang, Weijie,&Zeng, Xiangyan.(2019).Malicious Domain Names Detection Algorithm Based on Lexical Analysis and Feature Quantification.IEEE ACCESS,7,128990-128999.
MLA	Zhao, Hong,et al."Malicious Domain Names Detection Algorithm Based on Lexical Analysis and Feature Quantification".IEEE ACCESS 7(2019):128990-128999.