DEVICE AND METHOD FOR DETECTING MALICIOUS DOMAIN NAMES

Bibliographic Details
Main Authors: TZOREFF ELAD, MEYTIN DMITRY
Format: Patent
Language: Chinese, English
Published: 08.01.2021

Summary: The present invention relates to the detection of malicious domain names, particularly generated by a Domain Generation Algorithm. Therefore, the present invention provides a device, system, and method. The device is configured to receive, as an input, a Fully-Qualified Domain Name (FQDN) and a public suffix index. The device can determine a public suffix sequence and a domain characters sequence in the FQDN based on the public suffix index. Then, the device is configured to process the public suffix sequence to obtain a first result indicative of whether the FQDN is malicious or not, to process the domain characters sequence to obtain a second result indicative of whether the FQDN is malicious or not, and to merge the first result and the second result and determine based on the merged result whether the FQDN is malicious or not.

The present invention relates to the detection of malicious domain names, in particular malicious domain names generated by a domain generation algorithm. Accordingly, the present invention provides a device, a system, and a method. The device is configured to receive a Fully-Qualified Domain Name (FQDN) and a public suffix index as input. The device can determine the public suffix sequence and the domain character sequence in the FQDN according to the public suffix index. The device is then configured to process the public suffix sequence to obtain
Bibliography: Application Number: CN201880093939