Research And Implementation Of Malicious Similar Domain Name Detection System

Posted on: 2022-08-28
Degree: Master
Type: Thesis
Country: China
Candidate: F L Xia
GTID: 2518306338468454
Subject: Computer technology

Abstract/Summary:
With the development of the Internet, the number of domain names is increasing year by year. More and more malicious attackers use domain names similar to those of well-known companies to deceive ordinary Internet users, and such malicious similar domain names seriously threaten the network security of those users. Existing detection methods for this behavior include: using a model to generate suspicious similar domain name characters from the domain name to be detected; comparing the domain name to be detected character by character against a reference domain name list and a set of similar characters; and determining the similarity between the domain names captured within a unit time period. However, the existing methods have problems such as low detection efficiency, an inability to handle flexible combinations of domain names, and insensitivity to malicious similar domain names that suddenly appear in the network environment.

To solve these problems, this thesis designs and implements a malicious similar domain name detection system based on domain name similarity features. The proposed detection technology works on real-time traffic to determine whether malicious similar domain names are present in the local area network environment. It analyzes and processes the domain name and URL information in HTTP traffic, and uses the reference domain name list and domain name similarity features to screen out the legitimate domain names that may be counterfeited. Then, for each suspicious similar domain name pair detected, web page similarity calculation and the VirusTotal virus search tool are used to determine whether the pair belongs to malicious traffic. An experimental evaluation using 13808 malicious similar domain names shows that the detection scheme improves the screening speed for suspicious similar domain names and can also handle flexible combinations of domain names.

A distributed malicious similar domain name detection system is designed and implemented. The system consists of a front-end module, a traffic monitoring module, a suspicious similar domain name screening module, a similar domain name pair detection module, a system storage module and a task scheduling module. To improve detection efficiency, the system uses a big data platform as its data support and Spark Streaming to process the traffic data. To reduce coupling, a Kafka message queue caches the intermediate results produced by the system's submodules. To improve maintainability, Docker is used to deploy the big data platform and Ambari is used to manage the cluster resources. Finally, testing shows the integrity and effectiveness of the system's functions.
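The screening stage described above (reference list plus similarity features), sketched as an added example that is not code from the thesis. The three features used here (confusable-character folding, edit distance, brand-name combination), the reference list, the threshold and all function names are assumptions; the abstract does not say which features the thesis uses, and its later confirmation steps (web page similarity, VirusTotal) are not shown.

```python
# Added illustration; feature choice, names and sample data are assumptions.
REFERENCE = ["paypal.com", "google.com", "microsoft.com"]  # constructed list
# Assumed visually confusable substitutions, folded before comparison.
CONFUSABLE = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def registrable(host):
    """Naive eTLD+1 (last two labels); production code needs the Public Suffix List."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def skeleton(label):
    """Fold confusable characters so 'paypa1' and 'paypal' compare equal."""
    for src, dst in CONFUSABLE.items():
        label = label.replace(src, dst)
    return label

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def screen(host, reference=REFERENCE, max_dist=1):
    """Return (imitated_domain, reason) for a suspicious host, else None."""
    reg = registrable(host)
    if reg in reference:
        return None  # the legitimate domain itself, or one of its subdomains
    labels = host.lower().strip(".").split(".")
    folded = skeleton(reg.split(".")[0])
    for ref in reference:
        brand = ref.split(".")[0]
        if folded == brand:
            return (ref, "confusable")
        if edit_distance(folded, brand) <= max_dist:
            return (ref, "typo")
        # "Flexible combination": brand embedded in any label of the host name.
        if any(brand in skeleton(label) for label in labels):
            return (ref, "combination")
    return None

if __name__ == "__main__":
    # Constructed host names standing in for HTTP Host headers seen on the LAN.
    for h in ["paypa1.com", "paypal-login.com", "www.paypal.com", "example.org"]:
        print(h, screen(h))
```

Hosts flagged here are only candidates; short brand names and a distance threshold of 1 will produce false positives, which is why a second confirmation stage follows the screening.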
Keywords/Search Tags:Cybersquatting Domain Names, Similar Domain Name Detection, Big Data Platform, Distributed Detection System