Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Special data filtering method for eliminating denial-of-service attacks to DNS (domain name system) service

A denial of service attack, DNS service technology, applied in the field of network security, can solve the problems of low precision, poor defense, and high economic cost, achieve the effect of low calculation amount and deployment cost, achieve congestion control, and high degree of intelligence

Active Publication Date: 2015-06-24
CHANGZHOU XIAOGUO INFORMATION SERVICES
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] At present, there is no effective solution to the denial of service attack on DNS. The existing denial of service attack detection and defense methods cannot meet the requirements of DNS service protection, such as single IP attack detection and filtering, which is seriously ineffective in IPv6; only The accuracy of detecting and defending against attacks based on the access status of the last few time slices is not high; the economic cost of using high-performance network equipment or ensuring sufficient network bandwidth is too high; enhancing the TCP / IP protocol stack of the operating system, its less effective
In the existing denial-of-service attack defense methods against DNS, most of them prevent denial-of-service attacks in a passive defense manner, and there is a problem that active detection and filtering of denial-of-service attacks cannot be effectively performed, making the defense cost of denial-of-service attacks taller and less defensive

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Special data filtering method for eliminating denial-of-service attacks to DNS (domain name system) service
  • Special data filtering method for eliminating denial-of-service attacks to DNS (domain name system) service
  • Special data filtering method for eliminating denial-of-service attacks to DNS (domain name system) service

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] Hereinafter, preferred embodiments of the present invention are given in conjunction with the drawings to illustrate the technical solutions of the present invention in detail.

[0036] figure 1 Shows the flow chart of the data filtering method for the denial of service attack of DNS service proposed by the present invention, the specific implementation steps are:

[0037] Step one, capture the network data sample of the DNS server.

[0038] Obtain the server's network data stream from the mirror port of the DNS server-side switch and store it in the data file.

[0039] Step two: extract feature attributes from the captured network data samples.

[0040] (1) Extract feature attributes

[0041] The network data packet information captured in step one includes the number of various data packets, the statistical information of the source IP address and the destination IP address, and the statistical information of the data packet type (request or response). According to the traffic...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a special data filtering method for eliminating denial-of-service attack to DNS (domain name system) service. The special data filtering method includes steps of firstly, capturing a network data sample of a DNS server; secondly, extracting characteristic attributes of the captured network data sample; thirdly, determining a time function which is a piecewise time function; fourthly, creating a training data matrix of a normal flow and a train data matrix of an attack flow according to the captured network data sample; fifthly, continuing capturing traffic data packets on the DNS server in real time, and classifying and detecting the traffic data packets by a Bayes classifier; sixthly, filtering classification results, judging whether a data flow is the attack flow or not, completely abandoning the data flow if the data flow is the attack flow, and adopting a filtering method based on classification probability according to the congestion condition of the DNS server if the data flow is the normal flow; and seventhly, turning to the fifth step to carry out the same process. By the special data filtering method, data are filtered and processed after the denial-of-service attack flow is detected, and influence of the denial-of-service attack on the DNS server is eliminated.

Description

Technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a data filtering method for denial of service attacks against DNS services. Background technique [0002] DNS (domain name system) is a key infrastructure of the Internet and a weak link in Internet security. Due to the defects in the initial design of the DNS protocol and the limited query capability of the DNS server itself, the DNS server has become one of the main targets of hackers launching denial of service attacks. Denial of service attacks use the master computer to control the puppets on the network and launch attacks on the target at the same time, exhausting server resources. The essence of this kind of attack is to make the server process the amount of data that exceeds its normal limit. Therefore, the implementation of monitoring and analyzing changes in the amount of data to distinguish between normal and abnormal data is an effective way to detect...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 顾晓清倪彤光丁辉
Owner CHANGZHOU XIAOGUO INFORMATION SERVICES
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products