Table of Contents Author Guidelines Submit a Manuscript
Journal of Computer Networks and Communications
Volume 2019, Article ID 4612474, 9 pages
https://doi.org/10.1155/2019/4612474
Research Article

Malicious Domain Names Detection Algorithm Based on N-Gram

1School of Computer and Communication, Lanzhou University of Technology, Lanzhou 730050, China
2Department of Mathematics and Computer Science, Fort Valley State University, Fort Valley, GA 31030, USA

Correspondence should be addressed to Hong Zhao; moc.qq@005682495

Received 21 November 2018; Accepted 15 January 2019; Published 3 February 2019

Guest Editor: Saman S. Chaeikar

Copyright © 2019 Hong Zhao et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. National Internet Emergency Center, “36th internet security threat report,” 2018, http://www.cert.org.cn/publish/main/44/index.html. View at Google Scholar
  2. W. Quan, C. Xu, J. Guan, H. Zhang, and L. A. Grieco, “Scalable name lookup with adaptive prefix bloom filter for named data networking,” IEEE Communications Letters, vol. 18, no. 1, pp. 102–105, 2014. View at Publisher · View at Google Scholar · View at Scopus
  3. S. Yadav, A. K. K. Reddy, A. L. N. Reddy, and S. Ranjan, “Detecting algorithmically generated domain-flux attacks with DNS traffic analysis,” IEEE/ACM Transactions on Networking, vol. 20, no. 5, pp. 1663–1677, 2012. View at Publisher · View at Google Scholar · View at Scopus
  4. W. Quan, C. Xu, A. Vasilakos, and J. Guan, “TB2F: tree-bitmap and bloom-filter for a scalable and efficient name lookup in content-centric networking,” in Proceedings of the IFIP Networking Conference, pp. 1–9, Trondheim, Norway, June 2014. View at Publisher · View at Google Scholar · View at Scopus
  5. L. Bilge, S. Sen, D. Balzarotti, E. Kirda, and C. Kruegel, “Exposure,” Acm Transactions on Information and System Security, vol. 16, no. 4, pp. 1–28, 2014. View at Publisher · View at Google Scholar · View at Scopus
  6. R. Sharifnya and M. Abadi, “DFBotKiller: DFBotKiller: domain-flux botnet detection based on the history of group activities and failures in DNS traffic,” Digital Investigation, vol. 12, no. 12, pp. 15–26, 2015. View at Publisher · View at Google Scholar · View at Scopus
  7. B. Yu, L. Smith, M. Threefoot, and F. Olumofin, “Behavior analysis based DNS tunneling detection and classification with big data technologies,” in Proceedings of International Conference on Internet of Things and Big Date, pp. 284–290, Rome, Italy, April 2016.
  8. Y. Shi, G. Chen, and J. Li, “Malicious domain name detection based on extreme machine learning,” Neural Processing Letters, vol. 48, no. 3, pp. 1347–1357, 2017. View at Publisher · View at Google Scholar · View at Scopus
  9. S. Tian, C. Fang, J. Liu, and Z. Lei, “Detecting malicious domains by massive DNS traffic data analysis,” in Proceedings of the 8th International Conference on Intelligent Human-Machine Systems and Cybernetics, pp. 130–133, Zhejiang, China, August 2016.
  10. Z. Ma, H. Chen, J. Yang, and X. L., “Novel network intrusion detection method based on IPSO-SVM algorithm,” Computer Science, vol. 45, no. 2, pp. 231–235, 2018. View at Google Scholar
  11. P. Kintis, N. Miramirkhani, C. Lever, and Y. Chen, “Hiding in plain sight: a longitudinal study of combosquatting abuse,” in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, TX, USA, August 2017.
  12. P. Zhang, T. Liu, Y. Zhang, J. Ya, and J. Shi, “Domain watcher: detecting malicious domains based on local and global textual features,” in Proceedings of the International Conference on Computational Science, pp. 2408–2412, Zurich, Switzerland, June 2017.
  13. Z. Wu, J. Zhang, M. Yue, and C. Zhang, “Approach of detecting low-rate DoS attack based on combined features,” Journal on Communications, vol. 38, no. 5, pp. 19–30, 2017. View at Google Scholar
  14. W. Song and B. Li, “A method to detect machine generated domain names based on random forest algorithm,” in Proceedings of the International Conference on Information System and Artificial Intelligence, pp. 509–513, Hong Kong, China, June 2017.
  15. C. Xiong, P. Li, P. Zhang, Q. Liu, and J. Tan, “MIRD: trigram-based malicious URL detection implanted with random domain name recognition,” in Proceedings of the 6th International Conference on Applications and Techniques in Information Security, pp. 303–314, Beijing, China, November 2015.
  16. D. Truong, G. Cheng, A. Jakalan, X. Guo, and A. Zhou, “Detecting DGA-based botnet with DNS traffic analysis in monitored network,” Journal Of Internet Technology, vol. 17, no. 2, pp. 217–230, 2016. View at Google Scholar
  17. X. Zang, J. Gong, and X. Hu, “Detecting malicious domain name based on AGD,” Journal on Communications, vol. 39, no. 7, pp. 15–25, 2018. View at Google Scholar
  18. R. Sharifnya and M. Abadi, “A novel reputation system to detect DGA-based botnets,” in Proceedings of the 3rd International Conference on Computer and Knowledge Engineering, pp. 417–423, Mashhad, Iran, October 2013.
  19. J. Kwon, J. Lee, H. Lee, and A. Perrig, “PsyBoG: PsyBoG: a scalable botnet detection method for large-scale DNS traffic,” Computer Networks, vol. 97, pp. 48–73, 2016. View at Publisher · View at Google Scholar · View at Scopus
  20. Y. Zhang, Y. Lu, and Y. Zhang, “Detecting domain flux through patterns of domain names’ alphanumeric characters and querying behavior of hosts,” Journal of Xian Jiaotong University, vol. 47, no. 8, pp. 54–60, 2013. View at Google Scholar
  21. R. Vinayakumar, K. Soman, and P. Poornachandran, “Detecting malicious domain names using deep learning approaches at scale,” in Proceedings of the 3rd International Symposium on Intelligent Systems Technologies and Applications, pp. 1355–1367, Manipal, India, September 2017.
  22. S. Yadav, A. K. K. Reddy, A. L. N. Reddy, and S. Ranjan, “Detecting algorithmically generated malicious domain names,” in Proceedings of the 10th ACM Sigcomm Conference on Internet Measurement, pp. 48–61, Melbourne, Australia, November 2010.
  23. K. Huang, J. Fu, J. Huang, and P. Li, “A malicious domain detection approach based on characters and resolution features,” Computer Simulation, vol. 35, no. 3, pp. 287–292, 2018. View at Google Scholar
  24. W. Zhang, J. Gong, X. Liu, and X. Hu, “Lightweight domain name detection algorithm based on morpheme features,” Journal of Software, vol. 27, no. 9, pp. 2348–2364, 2016. View at Google Scholar
  25. Y. Zhang, Y. Zhang, and J. Xiao, “Detecting the DGA-based malicious domain names,” in Proceedings of the International Standard Conference on Trustworthy Computing and Services, pp. 130–137, Beijing, China, November 2013.
  26. L. Zhao, “Research on a high efficiency pattern matching algorithm for intrusion detection,” Computer and Digital Engineering, vol. 45, no. 8, pp. 1592–1596, 2017. View at Google Scholar
  27. D. A. Orr and L. Sanchez, “Alexa, did you get that? Determining the evidentiary value of data stored by the Amazon Echo,” Digital Investigation, vol. 24, pp. 72–78, 2018. View at Publisher · View at Google Scholar · View at Scopus
  28. Alexa top global sites, 2013, http://www.alexa.com/topsites.
  29. E. Casalicchio, M. Caselli, and A. Coletta, “Measuring the global domain name system,” IEEE Network, vol. 27, no. 1, pp. 25–31, 2013. View at Publisher · View at Google Scholar · View at Scopus
  30. Alexa top global sites, 2017, http://www.alexa.cn/siterank/14.
  31. Malware domain list, 2017, http://www.malwaredomainlist.com.
  32. S. Schüppen, D. Teubert, P. Herrmann, and U. Meyer, “FANCI: feature-based automated NX- Domain classification and intelligence,” in Proceedings of the 27th USENIX Security Symposium, pp. 1165–1181, Baltimore, MD, USA, August 2018.
  33. DNS-BH malware domain blacklist, 2016, http://www.malwaredomains.com.
  34. Phish Tank, 2013, , http://www.phishtank.com.
  35. Blacklist provided by joewein.net (JWSDB), 2015, http://joewein.net/spam/blac-klist.htm.
  36. A. Aborujian and S. Musa, “Cloud-based DDOS http attack detection using covariance matrix approach,” Journal of Computer Networks and Communications, vol. 2017, Article ID 7674594, 8 pages, 2017. View at Publisher · View at Google Scholar · View at Scopus