基于权威域名服务器的停靠域名识别机制

doi:10.11772/j.issn.1001-9081.2016.12.3311

计算机应用 ›› 2016, Vol. 36 ›› Issue (12): 3311-3316.DOI: 10.11772/j.issn.1001-9081.2016.12.3311

基于权威域名服务器的停靠域名识别机制

刘梅, 张永斌, 冉崇善, 孙连山

陕西科技大学电气与信息工程学院, 西安 710021

收稿日期:2016-06-30 修回日期:2016-09-05 出版日期:2016-12-10 发布日期:2016-12-08
通讯作者: 冉崇善
作者简介:刘梅(1989-),女,河北定州人,硕士研究生,主要研究方向:网络安全;张永斌(1976-),男,陕西西安人,讲师,博士,CCF会员,主要研究方向:网络安全;冉崇善(1956-),男,陕西渭南人,教授,硕士,CCF会员,主要研究方向:智能信息处理、计算机网络体系结构;孙连山(1977-),男,黑龙江集贤人,副教授,博士,主要研究方向:非功能需求、软件体系结构、软件安全工程。
基金资助:
国家自然科学基金资助项目（61202019）。

Mechanism of parked domain recognition based on authoritative domain name servers

LIU Mei, ZHANG Yongbin, RAN Chongshan, SUN Lianshan

College of Electrical and Information Engineering, Shaanxi University of Science and Technology, Xi'an Shaanxi 710021, China

Received:2016-06-30 Revised:2016-09-05 Online:2016-12-10 Published:2016-12-08
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61202019).

摘要/Abstract

摘要： 由于互联网中充斥着大量的停靠域名，给用户上网体验、上网环境带来严重影响，为识别停靠域名，提出一种基于权威域名服务器（DNS）的停靠域名检测方法。该方法从常用于域名停靠服务的错拼域名入手，提取出可能用于停靠服务的权威DNS集合，并通过半监督聚类方法对该集合进行分析，识别出用于停靠服务的权威DNS。在检测停靠域名时，通过判断域名的权威DNS是否用于停靠服务，并且该域名解析的IP地址是否属于停靠服务Web服务器的IP地址集合，来对停靠域名进行识别。借助现有基于页面特征的检测方法对所提方法进行分析，实验结果表明所提方法的准确率达92.8%以上，并且避免了页面信息的爬取，能够实时地检测域名是否为停靠域名。

关键词: 停靠域名, 错拼域名, 域名停靠服务, 半监督聚类, 权威域名服务器

Abstract: The massive parked domains exist in the Internet, which seriously affect the Internet experience and Internet environment of online users when surfing. In order to recognize parked domains, a new method of parked domain recognition was proposed based on authoritative Domain Name Server (DNS). The set of authoritative DNS which could be used for domain parking service was extracted by the typosquatting domains commonly used in domain parking service. Then the set was clustered by semi-supervised clustering method to identify the authoritative DNS associated with domain parking service. When detecting a parked domain, the parked domain was recognized by the judgments that whether its authoritative DNS was applied in domain parking service and whether its mapped IP addresses was concluded in the set of IP addresses of parking Web servers. By using the existing detecting method based on webpages' features, the accuracy of the proposed method was analyzed. The experimental results show the proposed method has achieved the accuracy rate of 92.8%, and avoids crawling the webpage information, which has a good performance on parked domains detection in real-time.

Key words: parked domain, typosquatting domain, domain parking service, semi-supervised clustering, authoritative Domain Name Server (DNS)

中图分类号:

TP393.0

刘梅, 张永斌, 冉崇善, 孙连山. 基于权威域名服务器的停靠域名识别机制[J]. 计算机应用, 2016, 36(12): 3311-3316.

LIU Mei, ZHANG Yongbin, RAN Chongshan, SUN Lianshan. Mechanism of parked domain recognition based on authoritative domain name servers[J]. Journal of Computer Applications, 2016, 36(12): 3311-3316.

参考文献

[1] DU H. Domain parking recognizer:an experimental study on Web content categorization[D]. Burnaby, British Columbia:Simon Fraser University, 2013:10-51.
[2] VISSERS T, JOOSEN W, NIKIFORAKIS N. Parking sensors:analyzing and detecting parked domains[C]//NDSS 2015:Proceeding of the 22nd Network and Distributed System Security Symposium. Washington, DC:Internet Society, 2015:23053.
[3] SZURDI J, KOCSO B, CSEH G, et al. The long "taile" of typosquatting domain names[C]//SEC'14:Proceedings of the 23rd USENIX Conference on Security Symposium. Berkeley, CA:USENIX Association, 2014:191-206.
[4] MOORE T, EDELMAN B. Measuring the perpetrators and funders of typosquatting[C]//Proceedings of the 2010 International Conference on Financial Cryptography and Data Security, LNCS 6052. Berlin:Springer, 2010:175-191.
[5] AGTEN P, JOOSEN W, PIESSENS F, et al. Seven months' worth of mistakes:a longitudinal study of typosquatting abuse[C]//NDSS 2015:Proceedings of the 22nd Network and Distributed System Security Symposium. Washington, DC:Internet Society, 2015:23058.
[6] ALRWAIS S, YUAN K, ALOWAISHEQ E, et al. Understanding the dark side of domain parking[C]//SEC'14:Proceedings of the 23rd USENIX Conference on Security Symposium. Berkeley, CA:USENIX Association, 2014:207-222.
[7] NIKIFORAKIS N, BALDUZZI M, DESMET L, et al. Soundsquatting:uncovering the use of homophones in domain squatting[C]//ISC 2014:Proceedings of the 17th International Conference on Information Security, LNCS 8783. Cham, Switzerland:Springer International Publishing, 2014:291-308.
[8] NIKIFORAKIS N, ACKER S V, MEERT W, et al. Bitsquatting:exploiting bit-flips for fun, or profit?[C]//Proceedings of the 22nd International Conference on World Wide Web. New York:ACM, 2013:989-998.
[9] HALVORSON T, SZURDI J, MAIER G, et al. The BIZ top-level domain:ten years later[C]//PAM 2012:Proceedings of the 13th International Conference on Passive and Active Measurement, LNCS 7192. Berlin:Springer, 2012:221-230.
[10] HALVORSON T, LEVCHENKO K, SAVAGE S, et al. XXXtortion?:inferring registration intent in the. XXX TLD[C]//WWW'14:Proceedings of the 23rd International Conference on World Wide Web. New York:ACM, 2014:901-912.
[11] Sedo. How do I park my domains?[EB/OL].[2015-10-29]. https://sedo-int.custhelp.com/app/answers/detail/a_id/143/p/1/c/30/search/1.
[12] Domainparking. FAQs of domain parking[EB/OL].[2015-10-29]. https://domainparking.co.uk/faq.php.
[13] Parkingcrew. FAQ[EB/OL].[2015-10-29]. https://www.parkingcrew.com/faq.php?mode=detail&detail=31.
[14] Google. Search console help[EB/OL].[2015-12-03]. https://support.google.com/webmaste-rs/answer/66359.
[15] WITTEN I H, FRANK E, HALL M A. Data Mining:Practical Machine Learning Tools and Techniques[M]. 3rd ed. San Francisco, CA:Morgan Kaufmann, 2011:206-207.
[16] MCGREGOR A, HALL M, LORIER P, et al. Flow clustering using machine learning techniques[C]//PAM 2004:Proceedings of the 5th International Workshop on Passive and Active Network Measurement, LNCS 3015. Berlin:Springer, 2004:205-214.
[17] SMYTH P. Model selection for probabilistic clustering using cross-validated likelihood[J]. Statistics and Computing, 2000, 10(1):63-72.
[18] ERMAN J, MAHANTI A, ARLITT M, et al. Offline/realtime traffic classification using semi-supervised learning[J]. Performance Evaluation, 2007, 64(9/10/11/12):1194-1213.
[19] Amazon. Top-1m domains[EB/OL].[2015-10-20]. http://s3.amazonaws.com/alexa-static/top-1m.csv.zip.
[20] Verisign. Zone files for Top-Level Domains (TLDs)[EB/OL].[2015-10-20]. http://www.verisign.com/en_US/channel-resources/domain-registry-products/zone-file/index.xhtml.

基于权威域名服务器的停靠域名识别机制

Mechanism of parked domain recognition based on authoritative domain name servers

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 7

编辑推荐

Metrics

[1]	杜阳, 姜震, 冯路捷. 结合支持向量机与半监督K-means的新型学习算法[J]. 计算机应用, 2019, 39(12): 3462-3466.
[2]	柴变芳, 吕峰, 李文斌, 王垚. 基于主动学习先验的半监督K-means聚类算法[J]. 计算机应用, 2018, 38(11): 3139-3143.
[3]	吕佳, 黎隽男. 结合半监督聚类和数据剪辑的自训练方法[J]. 计算机应用, 2018, 38(1): 110-115.
[4]	潘章明. 半监督的自动聚类[J]. 计算机应用, 2010, 30(10): 2614-2617.
[5]	宋凌李枚毅李孝源. 一种新的半监督入侵检测算法[J]. 计算机应用, 2008, 28(7): 1781-1783.
[6]	俞研黄皓 . 一种半聚类的异常入侵检测算法[J]. 计算机应用, 2006, 26(7): 1640-1642.
[7]	司文武，钱沄涛. 一种基于谱聚类的半监督聚类方法[J]. 计算机应用, 2005, 25(06): 1347-1349.