The Research And Implementation Of Incremental Parallel SVM In Malicious Domain Detection

DNS(Domain Name System) system is an important mechanism on the Internet, which is used to realize the mapping between the domain name and IP address, which help users to access the Internet more easily. However, due to the openness of DNS, DNS is vulnerable to malicious domain name attacks, resulting in the instability of network security. At present, through the analysis of DNS data, using big data and machine learning methods to build classification model, to realize the detection of malicious domain name has become a hot topic of network security research. However, with the explosive growth of the data and the increasing of the data, traditional malicious domain detection algorithm in dealing with large-scale real-time data sets, the detection rate is low, the detection accuracy is not high, and the timeliness is not strong.First, the variability of data for large-scale data set is strong, resulting in decreased classification accuracy of SVM problem, a malicious domain incremental SVM detection method based on the distance from the hyperplane defined and misclassified samples, classification model to achieve continuously updated. Secondly, in order to accelerate the processing efficiency of the algorithm for large data sets, to achieve the parallelism of SVM method to accelerate the detection efficiency of the malicious domain. Finally, in parallel to achieve incremental SVM method on the Spark platform to verify the validity of the algorithm.Experimental results show that the incremental detecting malicious domain Parallel SVM method is proposed in this paper, and its classification accuracy is much higher than that of logistic regression, naive Bayes and so on. Compared with the traditional SVM algorithm, the proposed method can effectively reduce the size of the training data set, and improve the training efficiency and detection efficiency. Incremental detection model can be completed in a faster time to update, and the detection model classification accuracy was maintained at approximately 95%. Experimental results show that this method for detecting malicious domain is effective.