LIU Ming-xing,JIN Jian,LI Xiao-dong
Tampering with Domain Name System (DNS) data by attackers endangers every application that relies on DNS. Because such tampering is hard to notice, a quick and effective way to detect dangerous changes in DNS data is urgently needed. To address this problem, this paper proposes a machine-learning method for monitoring DNS data that finds dangerous changes quickly. Domain names whose data have changed are selected from a larger set of domain names, and the information relevant to each is analyzed to produce a tuple represented as a multi-dimensional attribute vector, covering literal characteristics, forward-inverse match and other attributes. Each tuple is then labeled with a class according to whether the change is harmful, giving an instance that consists of the tuple and its class label; the instances together form a training set. Two classification algorithms, decision tree and Support Vector Machine (SVM), are trained on this set to build classifiers that detect whether a change in DNS data is dangerous. Both classifiers are validated with 10-fold cross-validation. The results show that the classifiers perform well at finding dangerous changes in DNS data and reach good precision, with weighted average accuracies of 73.8% and 82.4%.
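The pipeline the abstract describes, in miniature, as an added example that is not the paper's code: one attribute vector per observed change (literal traits of the name plus a forward-inverse match), a depth-1 decision tree standing in for the paper's decision tree and SVM, and 10-fold cross-validation. The zone snapshot, PTR table and class labels are constructed for the example; the feature set is an assumption about what "literal characteristics" and "forward-inverse match" cover.

```python
"""Attribute vectors for DNS record changes, a depth-1 decision tree and 10-fold CV."""
import math
from collections import Counter

# Constructed zone snapshot (not real data). Index 0's benign address deliberately
# lacks a PTR record, modelling a legitimate move to an address without reverse DNS.
DOMAINS = ["www.example.com", "mail.example.com", "shop-24.example.net",
           "a1b2c3.example.org", "cdn7.example.com", "login.example.net",
           "ns1.example.org", "x9k2q.example.com", "blog.example.net", "api-v2.example.org"]
PTR = {f"203.0.113.{i}": d for i, d in enumerate(DOMAINS) if i}
PTR.update({f"198.51.100.{i}": f"host{i}.parked.test" for i in range(len(DOMAINS))})
# (domain, new A record, class): 0 = harmless change, 1 = dangerous change (constructed labels)
SAMPLES = [(d, f"203.0.113.{i}", 0) for i, d in enumerate(DOMAINS)] + \
          [(d, f"198.51.100.{i}", 1) for i, d in enumerate(DOMAINS)]

def entropy(s):
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def features(domain, new_ip):
    """Tuple for one change: literal traits of the leftmost label, and whether the
    new address reverse-resolves (PTR) back into the same registrable domain."""
    label = domain.split(".")[0]
    apex = ".".join(domain.split(".")[-2:])
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    fwd_inv = 1.0 if PTR.get(new_ip, "").endswith(apex) else 0.0
    return [len(label), digit_ratio, entropy(label), fwd_inv]

def fit_stump(X, y):
    """Depth-1 decision tree: the (feature, threshold, side) with fewest training errors."""
    best = None
    for j in range(len(X[0])):
        for t in sorted({row[j] for row in X}):
            for sign in (1, -1):
                err = sum(predict((j, t, sign), row) != lab for row, lab in zip(X, y))
                if best is None or err < best[0]:
                    best = (err, j, t, sign)
    return best[1:]

def predict(stump, x):
    j, t, sign = stump
    return 1 if sign * (x[j] - t) > 0 else 0

def cross_validate(X, y, k=10):
    """k-fold CV: hold out every k-th instance, fit on the rest, return overall accuracy."""
    correct = 0
    for i in range(k):
        held = set(range(i, len(X), k))
        train = [idx for idx in range(len(X)) if idx not in held]
        stump = fit_stump([X[idx] for idx in train], [y[idx] for idx in train])
        correct += sum(predict(stump, X[idx]) == y[idx] for idx in held)
    return correct / len(X)

X = [features(d, ip) for d, ip, _ in SAMPLES]
y = [lab for _, _, lab in SAMPLES]
if __name__ == "__main__":
    print(f"10-fold accuracy: {cross_validate(X, y):.3f}")
```

The one benign change without a PTR record is the single fold error, which is why the forward-inverse match alone does not reach 100% here and why the paper combines it with further attributes.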