Sun et al., 2019 - Google Patents
{HinDom}: A robust malicious domain detection system based on heterogeneous information network with transductive classificationSun et al., 2019
View PDF- Document ID
- 13291842700382644792
- Author
- Sun X
- Tong M
- Yang J
- Xinran L
- Heng L
- Publication year
- Publication venue
- 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)
External Links
Snippet
Domain name system (DNS) is a crucial part of the Internet, yet has been widely exploited by cyber attackers. Apart from making static methods like blacklists or sinkholes infeasible, some weasel attackers can even bypass detection systems with machine learning based …
- 238000001514 detection method 0 title abstract description 56
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30861—Retrieval from the Internet, e.g. browsers
- G06F17/30864—Retrieval from the Internet, e.g. browsers by querying, e.g. search engines or meta-search engines, crawling techniques, push systems
- G06F17/30867—Retrieval from the Internet, e.g. browsers by querying, e.g. search engines or meta-search engines, crawling techniques, push systems with filtering and personalisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/3061—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F17/30705—Clustering or classification
- G06F17/3071—Clustering or classification including class or cluster creation or modification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/3061—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F17/30634—Querying
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30286—Information retrieval; Database structures therefor; File system structures therefor in structured data stores
- G06F17/30386—Retrieval requests
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N99/00—Subject matter not provided for in other groups of this subclass
- G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computer systems utilising knowledge based models
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
- G06K9/36—Image preprocessing, i.e. processing the image information without deciding about the identity of the image
- G06K9/46—Extraction of features or characteristics of the image
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Sun et al. | {HinDom}: A robust malicious domain detection system based on heterogeneous information network with transductive classification | |
| Liu et al. | An integrated method for anomaly detection from massive system logs | |
| Marchal et al. | PhishStorm: Detecting phishing with streaming analytics | |
| Ortet Lopes et al. | Towards effective detection of recent DDoS attacks: A deep learning approach | |
| Alanazi et al. | Anomaly Detection for Internet of Things Cyberattacks. | |
| Lison et al. | Neural reputation models learned from passive DNS data | |
| Tan et al. | Adaptive malicious URL detection: Learning in the presence of concept drifts | |
| Krishnaveni et al. | Ensemble approach for network threat detection and classification on cloud computing | |
| WO2020133986A1 (en) | Botnet domain name family detecting method, apparatus, device, and storage medium | |
| Mahdavi et al. | A real-time alert correlation method based on code-books for intrusion detection systems | |
| He et al. | Malicious domain detection via domain relationship and graph models | |
| Herrera-Semenets et al. | A data reduction strategy and its application on scan and backscatter detection using rule-based classifiers | |
| Liu et al. | CCGA: clustering and capturing group activities for DGA-based botnets detection | |
| Vinayakumar et al. | Improved DGA domain names detection and categorization using deep learning architectures with classical machine learning algorithms | |
| Zhang et al. | A novel anomaly detection approach for mitigating web-based attacks against clouds | |
| Cheng et al. | Ghunter: A fast subgraph matching method for threat hunting | |
| Tang et al. | HSLF: HTTP header sequence based lsh fingerprints for application traffic classification | |
| Shinan et al. | BotSward: Centrality Measures for Graph-Based Bot Detection Using Machine Learning. | |
| Li et al. | Towards a multi‐layers anomaly detection framework for analyzing network traffic | |
| AU2021101959A4 (en) | A classifier for attack detection in cloud environment and data computing for smart cities and smart healthcare system using internet of things | |
| Gao et al. | Detecting Unknown Threat Based on Continuous‐Time Dynamic Heterogeneous Graph Network | |
| Jiao et al. | DGGCN: Dictionary based DGA detection method based on DomainGraph and GCN | |
| Fan et al. | PUMD: a PU learning-based malicious domain detection framework | |
| Wang et al. | TSMWD: a high-speed malicious web page detection system based on two-step classifiers | |
| Luo et al. | Lagprober: Detecting dga-based malware by using query time lag of non-existent domains |