
Special data filtering method for eliminating denial-of-service attacks to DNS (domain name system) service

Denial-of-service attack and DNS service technology, applied in the field of network security. It addresses the problems of low precision, poor defense and high economic cost, and achieves low calculation and deployment costs, congestion control and a high degree of intelligence.

Active Publication Date: 2013-01-16
CHANGZHOU XIAOGUO INFORMATION SERVICES
3 Cites, 22 Cited by

AI Technical Summary

Problems solved by technology

[0003] At present, there is no effective solution to denial-of-service attacks on DNS. The existing denial-of-service attack detection and defense methods cannot meet the requirements of DNS service protection: single-IP attack detection and filtering is seriously ineffective in IPv6; detecting and defending against attacks based only on the access status of the last few time slices is not very accurate; the economic cost of using high-performance network equipment or ensuring sufficient network bandwidth is too high; and enhancing the TCP/IP protocol stack of the operating system is less effective.
Most existing methods for defending DNS against denial-of-service attacks work in a passive manner and cannot effectively perform active detection and filtering of the attacks, which makes the defense cost higher and the defense weaker.

Examples


Embodiment Construction

[0035] The preferred embodiments of the present invention are given below in conjunction with the accompanying drawings to describe the technical solution of the present invention in detail.

[0036] Figure 1 shows the flow chart of the data filtering method for denial-of-service attacks on the DNS service proposed by the present invention. The specific implementation steps are:

[0037] Step 1, capturing network data samples of the DNS server.

[0038] Obtain the server's network data flow from the mirror port of the switch on the DNS server side, and store it in a data file.

[0039] Step 2, extracting feature attributes from the captured network data samples.

[0040] (1) Extract feature attributes

[0041] The network data packet information captured in step 1 includes the quantity of various data packets, statistical information of source IP address and destination IP address, statistical information of data packet type (request or response), and the l...


Abstract

The invention discloses a special data filtering method for eliminating denial-of-service attacks on the DNS (domain name system) service. The method includes the steps of: firstly, capturing a network data sample of a DNS server; secondly, extracting characteristic attributes of the captured network data sample; thirdly, determining a time function, which is a piecewise time function; fourthly, creating a training data matrix of normal flow and a training data matrix of attack flow according to the captured network data sample; fifthly, continuing to capture traffic data packets on the DNS server in real time, and classifying and detecting the traffic data packets with a Bayes classifier; sixthly, filtering the classification results, judging whether a data flow is an attack flow or not, completely abandoning the data flow if it is an attack flow, and adopting a filtering method based on classification probability according to the congestion condition of the DNS server if it is a normal flow; and seventhly, returning to the fifth step to carry out the same process. With this method, data are filtered and processed after the denial-of-service attack flow is detected, and the influence of the denial-of-service attack on the DNS server is eliminated.
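The classify-then-filter loop of steps four to six, as an added Python example that is not code from the patent. It assumes a Gaussian naive Bayes model (the abstract says only "Bayes classifier"), constructed feature columns and training rows, and a linear congestion threshold; the piecewise time function of step three is not defined on this page and is left out.

```python
import math

# Constructed training matrices, one row per time slice:
# [packets in slice, distinct source IPs, fraction of packets that are requests]
NORMAL = [[120, 40, 0.52], [150, 55, 0.50], [90, 30, 0.55], [130, 45, 0.49], [110, 38, 0.51]]
ATTACK = [[900, 600, 0.95], [1200, 800, 0.97], [1000, 700, 0.93], [1100, 650, 0.96]]

def fit(rows):
    """Per-feature (mean, variance) for one class's training matrix."""
    stats = []
    for col in zip(*rows):
        mean = sum(col) / len(col)
        var = sum((x - mean) ** 2 for x in col) / len(col) + 1e-6  # avoid zero variance
        stats.append((mean, var))
    return stats

def log_likelihood(stats, x):
    """Log of the product of per-feature Gaussian densities."""
    return sum(-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
               for (m, v), xi in zip(stats, x))

def train(normal, attack):
    return {"normal": fit(normal), "attack": fit(attack),
            "prior_normal": len(normal) / (len(normal) + len(attack))}

def p_normal(model, x):
    """Posterior P(normal | x) under Gaussian naive Bayes."""
    ln = math.log(model["prior_normal"]) + log_likelihood(model["normal"], x)
    la = math.log(1 - model["prior_normal"]) + log_likelihood(model["attack"], x)
    d = la - ln
    return 0.0 if d > 700 else 1.0 / (1.0 + math.exp(d))  # guard exp overflow

def filter_decision(p, congestion):
    """Step six: attack flows are always dropped; normal flows must clear a
    confidence bar that rises with congestion (0.0 idle .. 1.0 saturated).
    The linear bar is an assumption of this example."""
    if p < 0.5:
        return "drop"
    return "forward" if p >= 0.5 + 0.49 * congestion else "drop"

MODEL = train(NORMAL, ATTACK)

if __name__ == "__main__":
    for sample in ([125, 42, 0.51], [1050, 700, 0.95]):
        p = p_normal(MODEL, sample)
        print(sample, round(p, 4), filter_decision(p, congestion=0.8))
```

Under this assumed rule, a flow classified as normal with only moderate confidence is forwarded while the server is idle and shed once it is congested, which is the congestion-control effect the abstract describes.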

Description

Technical field

[0001] The invention belongs to the technical field of network security, in particular to a data filtering method for denial of service attacks on DNS services.

Background technique

[0002] DNS (domain name system) is the key infrastructure of the Internet and the weak link of Internet security. Due to the flaws in the initial design of the DNS protocol and the limited query capabilities of the DNS server itself, the DNS server has become one of the main targets for hackers to launch denial-of-service attacks. The denial of service attack uses the master computer to control the puppet computers on the network and simultaneously launches attacks on the attack target, exhausting server resources. The essence of this kind of attack is to make the server process more data volume than its normal limit. Therefore, monitoring and analyzing the changes of these data volumes and distinguishing normal and abnormal data is an effective way to detec...


Application Information

IPC(8): H04L29/06
Inventor: 顾晓清, 倪彤光, 丁辉
Owner: CHANGZHOU XIAOGUO INFORMATION SERVICES