Title: Detection of malicious domain names based on an improved hidden Markov model
Authors: Hengliang Tang; Chengang Dong
Addresses: School of Information, Beijing Wuzi University, Beijing 101149, China ' School of Information, Beijing Wuzi University, Beijing 101149, China
Abstract: The ability to detect malicious domain names is critical for protection against internet security, data theft, and other dangers. Current methods for recognising malicious domain names have demonstrated poor detection accuracy in dealing with massive data. This paper proposes a novel malicious domain name detection method based on an improved Hidden Markov Model (HMM). Firstly, by analysing various characteristics of good and evil domain names in DNS communication, we can use Spark fast extraction to distinguish their attributes; then, we can quickly classify unknown domain names accurately by using Baum-Welch algorithm and Viterbi algorithm in Hidden Markov Model (BVHMM) to achieve the effective detection of malicious domain names; finally, to test our approach, we conducted a series of experiments, and the experimental results demonstrate that our model achieves good accuracy and recall rate as compared with other detection models.
Keywords: malicious domain names; hidden Markov model; Baum-Welch algorithm; Viterbi algorithm; Spark.
DOI: 10.1504/IJWMC.2019.097426
International Journal of Wireless and Mobile Computing, 2019 Vol.16 No.1, pp.58 - 65
Received: 04 Jul 2018
Accepted: 28 Aug 2018
Published online: 21 Jan 2019 *