Research On A Mining Method On Illegal Domain Names And Their Organizations Based On Association Relationships

As one of the key fundamental resources of the Internet,domain names are relied on by website and mail services.Due to the importance and wide application of domain names,they are often used by scammers for phishing,online gambling,dissemination of obscene pornography,etc..This paper refers to these domain names that are used for illegal purposes as illegal domain names.The first way to mitigate the harm of illegal domain names is to detect and control them in time.Therefore,how to mine illegal domain names and their organizations has become a hot research topic,and has important theoretical significance and research value.Illegal domain name mining includes two parts: illegal domain name discovery and illegal domain name detection.Among them,the discovery work is based on the existing illegal domain name to discover the suspected illegal domain name in unknown domain space,and the detection work is to verify the illegality of the discovered domain name.Based on association relationships between illegal domain names on the website,DNS(Domain Name System),domain name WHOIS and domain name structure,this paper proposes an illegal domain name generation algorithm based on similar names and an illegal domain name detection algorithm based on association relationships,which respectively realizes illegal domain name discovery and illegal domain name detection work,and designs and implements a mining system of illegal domain names and their organizations,mining out related and multiple types of illegal domain names and discovering their organization.The main research contents of this paper are as follows:First of all,this paper proposes an illegal domain name generation algorithm based on similar names.The algorithm obtains illegal domain name clusters with similar names from an existing illegal domain name set by the Mini-Batch K-Means algorithm,and uses this as a training set to train a Sequence Generative Adversarial Net based on the similarity of illegal domain names,and then generates multiple types of new illegal domain names by generated network.Secondly,this paper proposes an illegal domain name detection algorithm based on association relationships.A weighted undirected graph with domain name as vertex,association as edge and comprehensive association degree as edge weight is constructed according to association relationships of domain names in multi-information;The weighted undirected graph is divided by the parallelized Louvain algorithm to obtain a plurality of subgraphs with organizational structure;According to the situation of the label information in a subgraph,corresponding policy processing is adopted respectively.In particular,for the subgraph with legal and illegal labels,a local global consistency learning algorithm is used to predict the labels of unmarked domain name vertices in the subgraph,thereby detecting illegal domain names,and found their organizations.Finally,this paper designs and implements a mining system of illegal domain names and its organizations.The system includes a collection module for collecting blacklists issued by an authoritative third party,three acquisition modules for actively obtaining illegal domain names in an unknown domain name space,and a detection module for verifying the illegality of the acquired domain name and discovering their organizations.Experiments show that the two algorithms and the system designed and implemented in this paper meet the research objectives,and can mine a large number of illegal domain names and their organizations.