Method, apparatus and system for detecting abnormality of DNS (domain name system) query flow

A technology of DNS query and traffic abnormality, which is applied in the Internet field, can solve the problems of missed detection and unobvious total traffic characteristics, and achieve the effect of reducing the missed detection rate

Active Publication Date: 2010-09-22
CHINA INTERNET NETWORK INFORMATION CENTER
View PDF0 Cites 30 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0011] In the process of realizing the embodiment of the present invention, the inventor found that the existing technology mainly detects the abnormality of the total traffic characteristics of

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, apparatus and system for detecting abnormality of DNS (domain name system) query flow
  • Method, apparatus and system for detecting abnormality of DNS (domain name system) query flow
  • Method, apparatus and system for detecting abnormality of DNS (domain name system) query flow

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

[0031] figure 1 It is a flow chart of the method for detecting abnormal DNS query traffic provided by the first embodiment of the present invention. like figure 1 As shown, the method for detecting abnormal DNS query traffic provided by this embodiment includes:

[0032] Step 11: According to the pre-divided regional units, respectively count the DNS query traffic of each region.

[0033] The statistical method of DNS query traffic...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a method, an apparatus and a system for detecting the abnormality of DNS query flow, which belong to the technical field of Internet. The detection method comprises the following steps of: respectively counting DNS query flows of regions according to the pre-divided region units; respectively determining the covariance matrixes corresponding to a plurality of time slices according to DNS query flows of regions; respectively calculating the matrix relevance variation value between the covariance matrixes corresponding to the plurality of time slices and the average covariance matrix; and outputting the instantaneous alarm information when the matrix relevance variation value between the covariance matrixes corresponding to any time slices and the average covariance matrix is greater than the first predetermined value for indicating that the DNS query flow of any time slices is abnormal. The invention is beneficial to reducing the loss of abnormality of DNS query flow.

Description

technical field [0001] The invention relates to the technical field of the Internet, in particular to a method, device and system for detecting abnormality of DNS query traffic. Background technique [0002] The Domain Name System (DNS) is mainly used to complete the mapping from domain names to IP addresses and the resolution of other Internet resources. It is one of the important infrastructures in today's Internet. Due to the rapid growth of network traffic year by year and the complexity of network topology, it is becoming more and more difficult to directly monitor Internet traffic at a macro level; DNS query traffic, as an important reflection of the entire Internet traffic, is easier to implement and more feasible to monitor . [0003] In the process of DNS query traffic anomaly detection, it is necessary to be able to describe the normal behavior of the network system where the DNS server is located in order to establish the distribution of normal behavior, and to b...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/26H04L29/12
Inventor 李晓东毛伟王正王欣金键
Owner CHINA INTERNET NETWORK INFORMATION CENTER
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap