
A Study On Botnet Detection Method Based On DNS Flow Characteristics

Posted on: 2017-12-16
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhao
Full Text: PDF
GTID: 2348330515465012
Subject: Software engineering

Abstract/Summary:
As the Internet becomes more popular, its security has attracted more attention. As an attack and control method with high controllability, wide coverage and strong influence, the botnet has become a subject of intense concern. In this thesis, by analyzing and extracting DNS server traffic, the query strategies that Domain-Flux and Fast-Flux botnets use to reach their C&C servers are identified. Based on the analysis of these botnet query methods, this thesis proposes a DGA domain name detection method for Domain-Flux based on voice and packet characteristics. Building on previous studies, DGA domain names are considered to have poor readability and group characteristics, and these are combined with the short-text nature of DGA domain names; voice and other features of the domain name are extracted. Verification with domains generated by the Conficker malware shows that the detection method proposed in this thesis achieves a certain degree of improvement and reduces the false alarm rate. For Fast-Flux domain names, this thesis focuses on the resolution time characteristics of Fast-Flux domain names and on the relationship between IP and domain name. Domain names are divided into a black list, a white list and a gray list. The DGA probability is calculated separately for the second-level domain name and the sub-level domain name of each domain name, and the reliability of the domain is graded and used as an input to the classifier. As for the correlation between domain name and IP, this thesis considers the correspondence between the IP and the domain name and calculates the confidence level of the unknown IP as the standard for evaluating the confidence of the domain name. A machine learning method is used to detect the domain names from the information in the DNS query traffic.
Keywords/Search Tags: Botnet, DNS, DGA, Machine Learning