The Application Research Of Malicious Domain Detection Based On Mixing Characteristics

Posted on: 2018-04-19
Degree: Master
Type: Thesis
Country: China
Candidate: K Huang
Full Text: PDF
GTID: 2428330515497932
Subject: Information security
Abstract/Summary:
With the rapid development of science and technology, the growing popularity of the Internet has made daily life more and more convenient. As people become increasingly dependent on the network, the complex, dynamic and open Internet environment provides a hotbed for the spread of organized external malicious attacks and the exploitation of software defects. Social engineering attacks, mainly telecommunications fraud and network fraud, occur frequently and pose serious security threats to individuals, enterprises, the community and even the whole country. Existing security defenses, mostly access control and feature detection, have difficulty dealing with these threats.

To handle cyber attacks that are combined with social engineering techniques, this paper uses malicious domain name detection and attribute extraction: it collects registration information for malicious domain names through recursive queries and, taking the malicious domain names as the starting point, collects the cyber traces of social engineering attackers, in order to support the establishment of offline social engineering information databases.

This paper summarizes the characteristics of malicious domain names and points out that authoritative domain names and malicious domain names differ in character composition, generation method, and analytical process. It designs character features and analytical features that reflect these differences, creates a crawler for automatic feature extraction, and runs detection on 3748 domain names with high accuracy. On this basis, the paper realizes automatic extraction of the registration information of malicious domain names, including:

- identity information of natural persons in real space (names, telephone numbers and other identity information);
- attribute information of natural persons (address, post code and other attribute information);
- identity information of virtual persons in cyberspace (email addresses, QQ numbers and other identity information);
- attribute information of virtual persons (IP addresses, network service providers and other attribute information).

Through the recursive discovery of malicious domain names and the maximum expansion of the set of malicious domain names, this paper discusses the construction of the relevant offline social engineering databases, which helps to find hidden malicious domain names. Social engineering attackers often have a "criminal record". This paper collects domain name registration information, based on malicious domain name detection and attribute extraction, to find the traces of social engineering attackers; based on those traces, it explores the patterns of malicious behavior that attackers show over a certain period of time. The summary and outlook present insights about social engineering attacks, in the hope that future work can curb such attacks in advance.
Keywords/Search Tags:malicious domain, information extraction, attributes of social engineering attacker, network security