期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2013
卷号:7
期号:1
出版社:SERSC
摘要:Everyday there are millions of domains registered and some of them are related to malicious activities. Recently, domain names have been used to operate malicious networks such as botnet and other types of malicious software (malware). Studies have revealed that it was challenging to keep track of malicious domains by Web content analysis or human observation because of the large number of domains. Legitimate domain names usually consist of English words or other meaningful sequences and can be easy to understand by humans, while malicious domains are generated randomly and do not include meaningful words or are not otherwise readable. Recently, a classification method has been proposed to classify malicious domain names. They used many features from DNS queries, including some textual features. However, it seems difficult to collect and maintain those data. Our contribution is that, by using only domain names we could achieve better classification results, thus showing that domain names themselves contain enough information for classification.
关键词:malware; botnet; support vector machine; Bi-gram
