Malicious domains usually refer to a series of illegal activities, posing threats to people's privacy and property. Therefore, the problem of detecting malicious domains has aroused the widespread concern. This paper introduces a novel approach named Domain Watcher to detect malicious domains based on local and global textual features. Except for the traditional lexical features of domains, we introduce two types of global textual features, namely imitation features and bigram features, by measuring the similarity between tested domains and known domains. Experimental results on real-world data show that DomainWatcher can achieve high precision rate, recall rate and F1-measure with low consumption.
Zhang, P., Liu, T., Zhang, Y., Ya, J., Shi, J., & Wang, Y. (2017). Domain Watcher: Detecting Malicious Domains Based on Local and Global Textual Features. In Procedia Computer Science (Vol. 108, pp. 2408–2412). Elsevier B.V. https://doi.org/10.1016/j.procs.2017.05.204