Method and device for identifying host infected by domain generation algorithm malicious software
Main authors: | , , , |
---|---|
Format: | Patent |
Language: | chi ; eng |
Subjects: | |
Online access: | Order full text |
Summary: | The invention provides a method and device for identifying a host infected by domain generation algorithm malicious software. The method comprises the steps of extracting a plurality of feature vectors according to the time intervals of a host's queries for non-existent domains; clustering the plurality of feature vectors to form at least one cluster; and performing outlier analysis on the clusters to determine a malicious cluster, and determining the host corresponding to a feature vector in the malicious cluster to be an infected host. Hosts infected by malicious software based on the domain generation algorithm can be accurately identified from the feature vectors extracted from the hosts' query time intervals for non-existent domains, and determining the infected hosts through analysis of the clusters not only completes the analysis of a large number of feature vectors quickly but also determines the infected hosts more efficiently. Moreover, the feature vectors are fir |
---|