Journal: 《计算机工程与设计》 (Computer Engineering and Design)

Domain-flux Botnet Domain Name Detection

         

Abstract

To address the limited detection coverage of existing domain-flux botnet detection methods, this paper proposes a method for detecting domain-flux botnet domain names based on the access-activity characteristics of domain names. It describes the temporal behavior that the set of domain names used by a domain-flux botnet exhibits in how those names are accessed, and proposes a detection algorithm based on these access-activity characteristics. The paper gives the detailed description of the detection algorithm, the detection processing flow and the overall system structure. The algorithm is validated experimentally using mirrored DNS server data from a service provider. The results show that the detection algorithm does not rely on specific character features of the domain names and can effectively filter out the domain names used by domain-flux botnets.
