COMPUTING DEVICE AND METHOD FOR DETECTING MALICIOUS DOMAIN NAMES IN NETWORK TRAFFIC

摘要

FIELD: information technology.;SUBSTANCE: invention relates to devices, methods, and a machine-readable medium for domain name analysis. Device contains a communication module that provides a domain name from a source of domain names, analysis module that provides a domain name module from the communication module and analyzes each of the received domain names using a specified set of analysis techniques, ensuring that a given numerical value is assigned to each of a given set of domain name suspiciousness characteristics, corresponding to one of a given set of analysis techniques, for each analyzed domain name, depending on the results of its analysis using specified analysis techniques, processing module that provides the analysis module with signs of suspicion with the numerical values assigned to them for each domain name and analysis using a specified set of analysis techniques to ensure that each domain name is assigned to malicious domain names if the results of the analysis of suspiciousness characteristics are characteristic of malicious domain names.;EFFECT: technical result is higher accuracy of detection of malicious domain names in network traffic.;31 cl, 2 dwg