Detection of Malicious Domain Names Based on Hidden Markov Model.

Pin Lv, Lingling Bai, Tingwen Liu, Zhenhu Ning, Jinqiao Shi, Binxing Fang

DSC (2018)

Abstract
The Domain Name System (DNS) is an important core infrastructure of the Internet: a distributed database that maps domain names and IP addresses to each other. However, due to defects in the protocol itself, there have been many malicious attacks against domain names, such as spoofing attacks, botnets, and domain name registrations. As a result, the security of domain names has become one of the problems that must be solved for the safe and reliable operation of the Internet. Based on the hidden Markov model (HMM), this paper analyzes the differences between malicious and normal domain names across various characteristics of DNS communication and uses Spark for fast extraction of the attributes that distinguish them. The Baum-Welch algorithm and the Viterbi algorithm of the hidden Markov model can then classify unknown domain names quickly and accurately, achieving effective detection of malicious domain names. Finally, the HMM was compared experimentally with the commonly used random forest model in terms of accuracy and recall rate. The results show that applying the HMM improves the performance of the classifier and yields more accurate detection results.
Keywords
malicious domain name, hidden Markov model, Spark