Malicious domain name attacks have become a serious issue for Internet security. In this study, a malicious domain name detection algorithm based on N-Gram is proposed. The top 100,000 domain names in Alexa 2013 are used in the N-Gram method. Each domain name, excluding the top-level domain, is segmented into substrings according to its domain level with the lengths of 3, 4, 5, 6, and 7. The substring set of the 100,000 domain names is established, and the weight value of a substring is calculated according to its occurrence number in the substring set. To detect a malicious attack, the domain name is also segmented by the N-Gram method and its reputation value is calculated based on the weight values of its substrings. Finally, the judgment of whether the domain name is malicious is made by thresholding. In the experiments on Alexa 2017 and Malware domain list, the proposed detection algorithm yielded an accuracy rate of 94.04%, a false negative rate of 7.42%, and a false positive rate of 6.14%. The time complexity is lower than that of other popular malicious domain name detection algorithms.
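The pipeline described in the abstract, as an added sketch that is not the authors' code. The abstract does not give the weight formula, the aggregation, or the threshold, so `log2(count + 1)`, the mean of substring weights, the value `0.5`, and the small benign list standing in for the Alexa top 100,000 are all assumptions.

```python
import math
from collections import Counter

NGRAM_LENGTHS = (3, 4, 5, 6, 7)  # substring lengths stated in the abstract

# Constructed stand-in for the Alexa top-100,000 list used in the study.
BENIGN_SAMPLE = [
    "google.com", "facebook.com", "youtube.com", "wikipedia.org",
    "amazon.com", "mail.google.com", "googleusercontent.com",
]

def labels(domain):
    """Split a domain into its levels, dropping the top-level domain.
    Assumption: the last label is the TLD (multi-label suffixes are not handled)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[:-1] if len(parts) > 1 else parts

def ngrams(domain):
    """Yield every substring of length 3..7 taken within each domain level."""
    for label in labels(domain):
        for n in NGRAM_LENGTHS:
            for i in range(len(label) - n + 1):
                yield label[i:i + n]

def build_weights(domains):
    """Weight each substring by its occurrence count in the benign set.
    Assumption: log2(count + 1); the abstract only says weight depends on count."""
    counts = Counter(g for d in domains for g in ngrams(d))
    return {g: math.log2(c + 1) for g, c in counts.items()}

def reputation(domain, weights):
    """Reputation value of a domain. Assumption: mean weight of its substrings,
    with substrings never seen in the benign set contributing 0."""
    grams = list(ngrams(domain))
    if not grams:  # every level shorter than 3 characters: nothing to score
        return None
    return sum(weights.get(g, 0.0) for g in grams) / len(grams)

def is_malicious(domain, weights, threshold=0.5):
    """Threshold the reputation value; None means the domain cannot be scored."""
    score = reputation(domain, weights)
    return None if score is None else score < threshold

WEIGHTS = build_weights(BENIGN_SAMPLE)

if __name__ == "__main__":
    for d in ("google.com", "xqzvkpwj.info", "ab.com"):  # constructed test names
        print(d, reputation(d, WEIGHTS), is_malicious(d, WEIGHTS))
```

Domains whose levels are all shorter than three characters produce no substrings and are returned as unscored rather than forced to a verdict.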