Method and system for detecting DNS (domain name system) traffic abnormality

An anomaly detection technique for DNS traffic, applied in the field of computer networks. It addresses the lack of ability to detect attacks with unknown features, the low generalization ability of existing detection algorithms, and the large amount of computation existing detection methods require, and it achieves faster convergence, strong generalization ability, and an accurate detection rate.

Active Publication Date: 2013-03-27
CHINA INTERNET NETWORK INFORMATION CENTER

AI Technical Summary

Problems solved by technology

[0023] (2) The detection method requires a large amount of computation, the algorithm converges slowly, and it consumes too many system resources. For example, in some existing neural network detection methods, the computation involved in feature extraction, detection and classification is too large and too complicated.
[0024] (3) The ability to detect attacks with unknown features is lacking, and the generalization ability of the detection algorithm is low. For example, some existing detection schemes perform similarity analysis on DNS traffic and can only detect attack traffic with similar characteristics.
[0025] (4) The detection algorithm has low sensitivity and poor practicality, and it lags significantly. For example, with some attack detection based on traffic accumulation, by the time the attack traffic has accumulated to a certain level, the best time for handling the anomaly has already been missed.

Embodiment Construction

[0043] According to the authoritative notification of the Ministry of Industry and Information Technology, a large-scale network failure occurred in China at around 21:00 on May 19, 2009. The cause of the incident was that the servers of the domain name hosting provider DNSPOD began to suffer large-scale malicious traffic attacks at 19:00 on the 18th. About 100,000 domain names, including the website, could not be resolved normally, which caused ISP recursive domain name servers across the country to receive a large number of abnormal DNS query requests. The servers of ISPs in various places were overwhelmed and paralyzed, and the problem further evolved into a nationwide network failure. According to statistics compiled afterwards by the basic operators, the 5.19 incident affected as many as 23 provinces, of which 5 to 10 were seriously affected, and tens of millions of Internet users were affected.

[0044] Due to the caching effect of DNS, the domain names hosted by DNS...

Abstract

The invention provides a method and a system for detecting DNS (domain name system) traffic abnormality. The method extracts the corresponding characteristic values from the DNS traffic data to be processed, gives each characteristic a different weight, and uses the W-Kmeans algorithm together with an additional Euclidean distance threshold Dthreshold to detect the abnormality clusters marked in a training set, so that new abnormalities with unknown characteristics can be discovered. The algorithm converges quickly and needs little computation: a new sample to be detected only needs to be compared with the cluster centers obtained from the processed training data, and no calculation over the large quantity of original training data is needed. The method and the system are low in deployment cost, strong in generalization ability, and capable of discovering DNS traffic abnormality rapidly and effectively, and the system is particularly suitable for deployment on a large DNS server.
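The detection flow the abstract describes can be sketched as follows; this is an added example, not code from the patent. The feature set, the weights, the training rows, the weighted-distance formula and the reading of Dthreshold as a maximum allowed distance to the nearest cluster center are all assumptions made for illustration.

```python
import math

# Assumed, normalized features (the page does not list them):
# [query rate, NXDOMAIN ratio, distinct-name ratio]; weights are assumed too.
WEIGHTS = [0.5, 0.3, 0.2]

# Constructed training rows: (feature vector, label) with 1 = marked abnormal.
TRAIN = [([0.10, 0.02, 0.10], 0), ([0.90, 0.80, 0.95], 1),
         ([0.12, 0.03, 0.12], 0), ([0.08, 0.01, 0.09], 0),
         ([0.85, 0.75, 0.90], 1), ([0.95, 0.85, 0.92], 1)]

def wdist(a, b):
    """Weighted Euclidean distance: sqrt(sum_i w_i * (a_i - b_i)^2)."""
    return math.sqrt(sum(w * (x - y) ** 2 for w, x, y in zip(WEIGHTS, a, b)))

def nearest(p, centers):
    """Index of the cluster center closest to p."""
    return min(range(len(centers)), key=lambda j: wdist(p, centers[j]))

def train(rows, k, iters=50):
    """Weighted k-means (Lloyd iterations, seeded with the first k rows),
    then mark each cluster abnormal if most of its members are labelled so."""
    pts = [p for p, _ in rows]
    centers = [list(p) for p in pts[:k]]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in pts:
            groups[nearest(p, centers)].append(p)
        new = [[sum(c) / len(g) for c in zip(*g)] if g else centers[j]
               for j, g in enumerate(groups)]
        if new == centers:
            break
        centers = new
    votes = [[0, 0] for _ in range(k)]
    for p, label in rows:
        votes[nearest(p, centers)][label] += 1
    return centers, [bad > ok for ok, bad in votes]

def classify(sample, centers, abnormal, d_threshold):
    """Compare the sample with the cluster centers only, not the raw training set."""
    j = nearest(sample, centers)
    if wdist(sample, centers[j]) > d_threshold:
        return "unknown-anomaly"      # outside every learned cluster
    return "known-anomaly" if abnormal[j] else "normal"

if __name__ == "__main__":
    centers, abnormal = train(TRAIN, k=2)
    for s in ([0.11, 0.02, 0.10], [0.88, 0.78, 0.93], [0.10, 0.90, 0.10]):
        print(s, classify(s, centers, abnormal, d_threshold=0.15))
```

Because classification touches only the k stored centers, the per-sample cost is independent of the training set size, which is the deployment property the abstract emphasizes.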

Description

Technical field

[0001] The invention belongs to the field of computer networks, and relates to a DNS traffic detection system, in particular to a method and system for detecting abnormal DNS traffic.

Background technique

[0002] The Domain Name System (DNS) is the link connecting the application layer and the network layer of the entire Internet, and it is the nerve center of today's Internet. Its main function is to convert between IP addresses and domain names so that the vast resources on the Internet can be precisely located and identified; it is the cornerstone of the normal operation of many important network applications (web browsing, email, etc.).

[0003] Although DNS provides various basic services for Internet users, DNS is unfortunately still often attacked maliciously, for example through DNS cache poisoning, DNS redirection, DNS information hijacking, DNS amplification attacks, DNS DDoS attacks, etc. The security situ...

Application Information

IPC IPC(8): H04L12/26, H04L29/12
Inventor 李晓东, 金键, 林成虎, 尉迟学彪
Owner CHINA INTERNET NETWORK INFORMATION CENTER