A Review: How to Detect Malicious Domains

AbstractMalicious domains are one of the critical manifestations of cyber security attacks, severely posing threats to people’s privacy and property by providing malicious services (such as spam servers, phishing websites, and C&C servers) to Internet users. Therefore, researches on technology of malicious domains detection have also attracted much attention. Existing methods show significant differences in data sources and method implementations. In this paper, we conduct a retrospective analysis on them, and divide data into two types namely DNS data and DGA data. Different data sources correspond to different data forms and loaded information, so that researchers need to adopt appropriate methods to detect malicious domains by using such information. The detection methods are divided into four types. We describe general detection framework for each type of approach, and make an outlook for future research directions.KeywordsMalicious domains detectionDGADomain Name System