Special data filtering method for eliminating denial-of-service attacks to DNS (domain name system) service

A denial-of-service attack and DNS service technology, applied in the field of network security. It addresses the problems of low precision, poor defense, and high economic cost, and achieves low computation and deployment cost, congestion control, and a high degree of intelligence.

Active Publication Date: 2015-06-24
CHANGZHOU XIAOGUO INFORMATION SERVICES

AI Technical Summary

Problems solved by technology

[0003] At present, there is no effective solution to denial-of-service attacks on DNS. Existing denial-of-service detection and defense methods cannot meet the requirements of DNS service protection: detection and filtering based on single IP addresses is seriously ineffective under IPv6; detecting and defending against attacks based only on the access status of the last few time slices is not accurate enough; using high-performance network equipment or ensuring sufficient network bandwidth costs too much; and enhancing the operating system's TCP/IP protocol stack is less effective.
Most existing defenses against denial-of-service attacks on DNS are passive. They cannot actively detect and filter denial-of-service attacks effectively, which makes defense more costly and less effective.

Embodiment Construction

[0035] Hereinafter, preferred embodiments of the present invention are given in conjunction with the drawings to illustrate the technical solutions of the present invention in detail.

[0036] Figure 1 shows the flow chart of the data filtering method for denial-of-service attacks on DNS service proposed by the present invention. The specific implementation steps are:

[0037] Step one: capture the network data sample of the DNS server.

[0038] Obtain the server's network data stream from the mirror port of the DNS server-side switch and store it in a data file.

[0039] Step two: extract feature attributes from the captured network data samples.

[0040] (1) Extract feature attributes

[0041] The network data packet information captured in step one includes the number of various data packets, the statistical information of the source IP address and the destination IP address, and the statistical information of the data packet type (request or response). According to the traffic...

Abstract

The invention discloses a special data filtering method for eliminating denial-of-service attacks on the DNS (domain name system) service. The method includes the following steps: first, capturing a network data sample of a DNS server; second, extracting feature attributes from the captured network data sample; third, determining a time function, which is a piecewise time function; fourth, creating a training data matrix of normal flow and a training data matrix of attack flow from the captured network data sample; fifth, continuing to capture traffic data packets on the DNS server in real time, and classifying and detecting them with a Bayes classifier; sixth, filtering on the classification results by judging whether a data flow is an attack flow, discarding the data flow completely if it is, and, if it is a normal flow, applying a filtering method based on classification probability according to the congestion condition of the DNS server; and seventh, returning to the fifth step and repeating the process. With this method, data are filtered and processed after denial-of-service attack flow is detected, and the influence of the denial-of-service attack on the DNS server is eliminated.
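The classify-then-filter loop of steps five and six, as an added Python example that is not code from the patent or its authors. The three features, the constructed training windows, the Gaussian naive Bayes model and the linear congestion threshold are assumptions; the piecewise time function of step three is omitted because its definition does not appear on this page.

```python
import math

# Constructed training windows (not from the patent). Assumed features:
# [queries/sec, distinct source IPs, request:response ratio]
NORMAL_TRAIN = [[120, 40, 1.0], [150, 55, 1.1], [100, 35, 0.9], [135, 48, 1.05]]
ATTACK_TRAIN = [[900, 700, 4.0], [1200, 950, 5.5], [800, 600, 3.5], [1000, 820, 4.8]]


def fit(rows):
    """Per-feature mean and variance for one class (Gaussian naive Bayes)."""
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    # Variance floor keeps the density finite for near-constant features.
    varis = [max(sum((x - m) ** 2 for x in c) / len(c), 1e-6)
             for c, m in zip(cols, means)]
    return means, varis


def log_likelihood(x, model):
    means, varis = model
    return sum(-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
               for xi, m, v in zip(x, means, varis))


NORMAL_MODEL, ATTACK_MODEL = fit(NORMAL_TRAIN), fit(ATTACK_TRAIN)


def p_normal(x, prior_normal=0.5):
    """Posterior probability that traffic window x is normal flow."""
    ln = log_likelihood(x, NORMAL_MODEL) + math.log(prior_normal)
    la = log_likelihood(x, ATTACK_MODEL) + math.log(1 - prior_normal)
    top = max(ln, la)  # shift before exponentiating to avoid underflow
    en, ea = math.exp(ln - top), math.exp(la - top)
    return en / (en + ea)


def admit(p, congestion):
    """Filtering decision for posterior p and server congestion in [0, 1].

    Assumed policy: attack flows are always dropped; normal flows must clear
    a confidence bar that rises linearly from 0.5 to 1.0 with congestion.
    """
    if p < 0.5:
        return "drop"                    # classified as attack flow
    required = 0.5 + 0.5 * congestion    # stricter as the server loads up
    return "forward" if p >= required else "drop"


def filter_flow(x, congestion):
    """Classify one feature window, then apply the congestion-aware filter."""
    return admit(p_normal(x), congestion)
```

A window that is classified as normal with only moderate confidence is forwarded on an idle server and shed on a congested one, which is the congestion-control effect the abstract claims.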

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a data filtering method for denial-of-service attacks against DNS services.

Background technique

[0002] DNS (domain name system) is a key infrastructure of the Internet and a weak link in Internet security. Because of defects in the initial design of the DNS protocol and the limited query capacity of the DNS server itself, the DNS server has become one of the main targets of hackers launching denial-of-service attacks. Denial-of-service attacks use a master computer to control puppet machines on the network and launch attacks on the target at the same time, exhausting server resources. The essence of this kind of attack is to make the server process an amount of data that exceeds its normal limit. Therefore, monitoring and analyzing changes in the amount of data to distinguish between normal and abnormal data is an effective way to detect...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
Inventor: 顾晓清, 倪彤光, 丁辉
Owner: CHANGZHOU XIAOGUO INFORMATION SERVICES