Using Passive DNS to Detect Malicious Domain Name

Abstract

With the prosperity of the Internet, the number of malicious domain name is enormous, and the scope and harm of the threats they create are increasing. Using traditional reputation systems and reverse engineering methods to detect malicious domain name cannot be real-time, and the process of detecting malicious domain name is complicated and cumbersome. In order to make up for the deficiencies and maintain accuracy, this paper adopts machine-learning method and uses passive DNS as the analytical data to construct a malicious domain name classification detection model. According to the access characteristics and character characteristics of domain name, we designed a complete feature analysis scheme and proposed a multi-dimensional DGA domain name detection method. We also propose a pornographic domain name detection method based on word vector in combination with the Chinese network environment. Finally, we implement prototype systems for malicious domain name detection and achieve good results.