Detection of malicious domain names based on an improved hidden Markov model

Abstract

The ability to detect malicious domain names is critical for protection against internet security, data theft, and other dangers. Current methods for recognising malicious domain names have demonstrated poor detection accuracy in dealing with massive data. This paper proposes a novel malicious domain name detection method based on an improved Hidden Markov Model (HMM). Firstly, by analysing various characteristics of good and evil domain names in DNS communication, we can use Spark fast extraction to distinguish their attributes; then, we can quickly classify unknown domain names accurately by using Baum-Welch algorithm and Viterbi algorithm in Hidden Markov Model (BVHMM) to achieve the effective detection of malicious domain names; finally, to test our approach, we conducted a series of experiments, and the experimental results demonstrate that our model achieves good accuracy and recall rate as compared with other detection models.