Netinfo Security ›› 2018, Vol. 18 ›› Issue (12): 66-71. doi: 10.3969/j.issn.1671-1122.2018.12.009

Research on Domain Flux Botnet Domain Name Detection Method Based on Weighted Support Vector Machine

Jinwei SONG, Jin YANG, Tao LI

  1. College of Computer Science, Sichuan University, Chengdu Sichuan 610065, China
  • Received: 2018-06-14 Online: 2018-12-20 Published: 2020-05-11

Abstract:

Domain Flux botnet domain names are mostly used in botnet command-and-control channels, so detecting them is very important for botnet detection. Current detection methods for Domain Flux botnet domain names have many problems, for example high resource consumption and low detection accuracy. To solve these problems, this paper proposes a Domain Flux botnet domain name detection method based on a weighted support vector machine. By analyzing the differences between Domain Flux botnet domain names and traditional domain names, dozens of domain name features are extracted to distinguish normal domain names from Domain Flux botnet domain names. To maximize the distinguishing effect of each feature, a weight is calculated for each feature from its information gain ratio, and each feature is weighted accordingly. The SVM algorithm is then trained on the weighted feature data set to obtain the detection model. Experiments show that this method effectively improves the detection accuracy for Domain Flux botnet domain names and identifies them better.

Key words: Domain Flux botnet, information gain ratio, feature weighting, support vector machine
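
The feature-weighting step described in the abstract, as an added sketch that is not the paper's code: the four lexical features, the median binarisation used to compute the gain ratio, and the sample names are all assumptions made here. It stops at the weighted data set that an SVM would then be trained on.

```python
import math
from collections import Counter

# Constructed samples (not from the paper): label 1 = algorithmically generated style.
SAMPLES = [
    ("google", 0), ("wikipedia", 0), ("stackoverflow", 0), ("office365", 0),
    ("x7k2q9zt4vbn", 1), ("qw8r5t2y", 1), ("zk4j8h2g6f1d", 1), ("bvcxzmnq", 1),
]

def entropy(items):
    """Shannon entropy (bits) of a sequence of symbols or class labels."""
    n = len(items)
    return -sum(c / n * math.log2(c / n) for c in Counter(items).values()) if n else 0.0

def features(label):
    """Assumed lexical features: length, character entropy, digit ratio, vowel ratio."""
    n = len(label)
    return [n, entropy(label),
            sum(ch.isdigit() for ch in label) / n,
            sum(ch in "aeiou" for ch in label) / n]

def gain_ratio(values, labels):
    """Information gain ratio of a numeric feature, binarised at its median (assumption)."""
    thr = sorted(values)[(len(values) - 1) // 2]
    left = [y for v, y in zip(values, labels) if v <= thr]
    right = [y for v, y in zip(values, labels) if v > thr]
    if not left or not right:  # constant feature: no split, no information
        return 0.0
    n = len(labels)
    cond = len(left) / n * entropy(left) + len(right) / n * entropy(right)
    split_info = entropy([v <= thr for v in values])
    return (entropy(labels) - cond) / split_info

def weighted_dataset(samples):
    """Return (weights, X): X is the min-max scaled feature matrix times the weights."""
    rows = [features(name) for name, _ in samples]
    labels = [y for _, y in samples]
    cols = list(zip(*rows))
    ratios = [gain_ratio(col, labels) for col in cols]
    total = sum(ratios) or 1.0
    weights = [r / total for r in ratios]  # normalised so the weights sum to 1
    scaled = [[(v - min(c)) / ((max(c) - min(c)) or 1.0) for v in c] for c in cols]
    return weights, [[w * v for w, v in zip(weights, row)] for row in zip(*scaled)]

if __name__ == "__main__":
    weights, X = weighted_dataset(SAMPLES)
    for name, w in zip(["length", "char_entropy", "digit_ratio", "vowel_ratio"], weights):
        print(f"{name:13s} weight = {w:.3f}")
```

On this constructed set, length and character entropy receive small weights because long benign names and short generated ones overlap, while vowel ratio separates the classes cleanly and dominates the weighted matrix.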