| In recent years, with the rapid development of Internet and the increasing growth of network services and security needs, the existence of malicious domain name has become a much more serious problem for personal and corporate privacy and property safety. Malicious domain name detection and mining technology are the key technologies to resist network attacks. Therefore, how to find malicious domain name as soon as possible, in order to carry on the control and protection, has become an urgent problem in the field of network security.In this paper, the system gets a lot of malicious domain names and domain WHOIS information by detecting, proposes mining model based on malicious url lexical features and mining model based on malicious domain WHOIS information, and a malicious domain name mining and analysis system is designed and implemented. this sytem can find malicious domain name from from a large number of unknown domain urls.Firstly, the paper introduces the relevant knowledge of domain names, including basic theory of domain name, the domain WHOIS information and malicious domain knowledge, elaborated on the principles of domain WHOIS information acquistitionmethod, and malicious urls lexical features selection and extraction.Secondly, a malicious domain mining and analysis system is designed and implemented. The system is divided into four modules, including basic data acquisition, data related to domain name, malicious domain data mining and staticstical analysis. Among them, the basic data acquisition model includes acquiring a large number of malicious urls and access to massive domain names. the detection of domain related data includes IP detection, online detection and malicious detection. the most important is the detection of domain WHOIS. Mining from the url vocabulary characteristics and malicious domain name WHOIS information two aspects, realize the malicious domain of mining. Based data, data analysis, including a large number of malicious domain names and domain name WHOIS information is analyzed, designed and implemented a domain name WHOIS statistical analysis system.Finally, both from the functional and performance of each module and sub-function module of the system has been tested in detail, and the data is subjected to statistical analysis, to provide reference for performance improvement.In conclusion, the malicious domain name mining and analysis system is completed. The system test results show that the system meets the design goal, and it provides a large number of domain names related basic data to other systems. |
PDF Full Text Request