| 发明名称 |
APPARATUS AND METHOD FOR DETECTING MALICIOUS DOMAIN CLUSTER |
| 摘要 |
An apparatus and method for detecting a malicious domain cluster. The apparatus for detecting a malicious domain cluster includes a domain name server (DNS) data collection unit and a malicious domain cluster detection unit. The DNS data collection unit collects DNS traffic over a network, and stores the DNS traffic in a database. The malicious domain cluster detection unit generates a domain cluster based on the DNS data, learns the characteristics of normal and malicious clusters in the domain cluster, and detects whether the domain cluster is malicious based on the result of the learning. |
| 申请公布号 |
US2016294859(A1) |
申请公布日期 |
2016.10.06 |
| 申请号 |
US201514735579 |
申请日期 |
2015.06.10 |
| 申请人 |
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE |
发明人 |
CHOI Changho;KANG Brent ByungHoon;LEE Sungryoul;KANG JungMin |
| 分类号 |
H04L29/06;G06F17/30;G06N99/00;H04L29/12 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. An apparatus for detecting a malicious domain cluster, comprising:
a domain name server (DNS) data collection unit configured to collect DNS traffic over a network and store the DNS traffic in a database; and a malicious domain cluster detection unit configured to generate a domain cluster based on the DNS data, learn characteristics of normal and malicious clusters in the domain cluster, and detect whether the domain cluster is malicious based on a result of the learning. |
| 地址 |
Daejeon KR |
