The　Domain　Name　System　(DNS)　is　an　important　core　infrastructure　of　the　Internet,　domain　names　and　IP　addresses　is　a　distributed　database　that　maps　to　each　other,　however,　due　to　the　defects　of　its　own　protocol,　there　have　been　many　malicious　attacks　against　domain　names,　such　as　spoofing　attacks,　botnets,　and　domain　name　registrations,　as　a　result,　the　security　of　domain　names　has　become　one　of　the　problems　that　must　be　solved　for　the　safe　and　reliable　operation　of　the　Internet.　Based　on　the　hidden　Markov　model　(HMM),　this　paper　analyzes　the　difference　between　the　malicious　domain　name　and　the　normal　domain　name　in　the　various　characteristics　of　DNS　communication,　and　uses　Spark＇s　fast　extraction　to　distinguish　their　attributes,　the　Baum-Welch　algorithm　and　Viterbi　algorithm　in　the　Markov　model　can　quickly　classify　unknown　domain　names　accurately　to　achieve　effective　detection　of　malicious　domain　names.　Finally,　the　HMM　was　compared　with　the　commonly　used　random　forest　model　through　experiments,　and　the　accuracy　and　recall　rate　were　compared.　The　results　show　that　the　application　of　HMM　improves　the　performance　of　the　classifier　to　obtain　more　accurate　detection　results.　©　2018　IEEE.