Network detection of malicious domain name based on adversary model

Journal of Intelligent and Fuzzy Systems (2021)

Abstract
With the rapid development of the Internet, network security threats are emerging one after another. Driven by economic interests, attackers use malicious domain names to support botnets and phishing sites, which leads to serious leakage of information from victims and devices, the proliferation of DDoS attacks and the rapid spread of viruses. Against this background, the purpose of this paper is to study the network detection of malicious domain names based on the adversary model. First, the paper studies the generation mechanism of DGA domain names based on the PCFG model, and the characteristics of the domain names generated by such a DGA. The research shows that domain names generated by the PCFG model are usually based on legitimate domain names, so their character-level statistical characteristics are similar to those of legitimate domain names. Moreover, the same PCFG model can often generate multiple types of domain names, so it is difficult to extract appropriate features manually. The experimental results show that the accuracy, recall and accuracy of the performance parameters of the classifier are over 95%. Using an open domain name data set, and comparing against the linear-calculation edit distance method and the detection effect under different thresholds, it is shown that the proposed method can improve the detection speed of misplanted domain names at similar accuracy.