
Design And Implementation Of Abnormal Domain Detecting System

Posted on: 2019-08-21
Degree: Master
Type: Thesis
Country: China
Candidate: Z P Qiao
GTID: 2428330566997293
Subject: Software engineering
Abstract/Summary:
In recent years, with the development of the Internet, the increasing use of computer networks and the deepening of social informatization, Internet security incidents have occurred frequently. Governments, companies and individuals have been affected to different degrees, and Internet security has increasingly become a focus of social attention. Factors affecting the security of the Internet environment include security vulnerabilities caused by individuals' operating errors, harmful information published by individuals, attacks by network viruses, trojans and botnets, software defects, and so on. Studies show that malicious websites, or malicious domains, can attack user accounts, cause DDoS attacks, build botnets and harm the advertising and search industries. In response to this situation, a network traffic security system is planned to monitor and address these harms, and its subsystem, the domain exception detecting system, targets the harm caused by malicious domains. This system inspects massive network traffic logs, finds and handles malicious domains, reduces the harm they cause and improves network security. In this paper, existing methods for detecting malicious domains and existing domain exception detecting systems are thoroughly researched; they all have advantages and disadvantages. Before the requirement analysis, these shortcomings were fully explored. The physical architecture and functional structure of the system are designed according to user requirements and business needs. Considering the explosive growth of information in the age of big data, the system is planned to be built on Data Engine, the company's big data platform. The domain exception detecting system can be divided into two modules: the classification model building module and the malicious domain detecting module. The classification model building module covers data set preparation, extraction of classification features such as domain entropy, n-gram ranking and the Markov chain value, model building, model evaluation and other functions. The data set and traffic logs used by this system are stored on HDFS and Elasticsearch. The machine learning method logistic regression is used to build the classification model, and the effectiveness of the model is verified by precision and recall. The optimized model is then used to test the network traffic logs, find malicious domains, and output the malicious domains and associated IPs. Both modules run on Spark. The domain exception detecting system can monitor and inspect network traffic, and detect and handle malicious domains and associated risky IPs in DNS logs in a timely manner. Finally, verification on test data shows that the accuracy rate of the domain exception detecting system is over 91% and the recall rate is over 87%, which satisfies the design requirements. This system and the other subsystems of the network traffic security system complement each other to maintain a healthy Internet environment.
Keywords/Search Tags:malicious domain, machine learning, logistic regression
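
The abstract names domain entropy and a Markov chain value among the classification features. The sketch below is an added example, not code from the thesis: it computes both for a domain label, and the constructed benign list, the naive label split and all function names are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of benign labels (assumption; the thesis data set is not on the page).
BENIGN = ["google", "facebook", "wikipedia", "amazon", "youtube", "microsoft",
          "twitter", "linkedin", "netflix", "github", "baidu", "taobao"]
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-"

def label_of(domain):
    """Second-level label, e.g. 'example' for 'www.example.com'.
    Naive split: multi-part suffixes such as 'co.uk' need a public suffix list."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(s):
    """Character entropy in bits; random-looking names score higher."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def train_bigrams(words):
    """Count character transitions, with ^ and $ marking start and end."""
    counts = defaultdict(Counter)
    for w in words:
        padded = "^" + w + "$"
        for a, b in zip(padded, padded[1:]):
            counts[a][b] += 1
    return counts

def markov_score(s, counts):
    """Mean log2 transition probability under the benign model (add-one smoothing)."""
    padded = "^" + s + "$"
    vocab = len(ALPHABET) + 1  # next-symbol choices: alphabet plus end marker
    total = 0.0
    for a, b in zip(padded, padded[1:]):
        row = counts.get(a, Counter())
        total += math.log2((row[b] + 1) / (sum(row.values()) + vocab))
    return total / (len(padded) - 1)

def features(domain, counts):
    """Feature row that a classifier such as logistic regression would consume."""
    label = label_of(domain)
    return {"length": len(label), "entropy": shannon_entropy(label),
            "markov": markov_score(label, counts)}

MODEL = train_bigrams(BENIGN)
```

A name that resembles the benign sample gets a higher (less negative) Markov score and usually a lower entropy than a random-looking one.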