Field of the Disclosure
The disclosure relates to information security technology, and more particularly to a gateway apparatus, a method thereof for detecting malicious domains and hacked hosts, and a non-transitory computer-readable medium.
Description of Related Art
Malicious domains are hotbeds of cybercrime (i.e., malicious behaviors such as spreading spam emails, financial fraud, phishing sites, etc.). Detecting suspicious domains in time among a massive number of external connections is a highly important information security issue for companies.
After hackers construct a relay station, they implant malicious software (malware) into victims' hosts through social emails, phishing sites or other approaches, turning the hosts into bots. Most malware in the bots requires a network connection to perform malicious activities (e.g., sending spam emails, leaking private information, downloading malware updates, infecting surrounding hosts and so on). To keep the botnet active, the hackers usually use domain flux technology or the like to avoid detection and prevent the implanted malware from being blocked. In view of the above, information security service providers need a technology that can effectively detect malicious domains and hacked hosts.