
Cache optimization method and system for resisting continuous variable-domain name prefix attack

A cache optimization and domain name change technology, applied in transmission systems, electrical components, etc. It can solve problems such as poor stability, forged data packets, and large overall impact, and achieves the effects of ensuring stability, saving space, and ensuring real-time performance.

Active Publication Date: 2015-05-13
INST OF INFORMATION ENG CAS

AI Technical Summary

Problems solved by technology

If the total number of times or the change frequency of the destination IP exceeds the set threshold, it is considered that a domain name prefix change attack has occurred, and the strategy of discarding packets or sending false response packets is adopted. The disadvantages are:

(1) High overhead: a bypass traffic analysis system needs to be established to capture and store domain name query data packets in real time and to statistically analyze the number of destination IPs of all data packets, so the calculation overhead and storage overhead are large.

(2) Poor stability: the threshold setting for the total number of times or change frequency of the destination IP is not unique and has certain variability, which has a greater impact on the overall

At the same time, there is also the possibility of forged data packets, which interfere with the method of analyzing the destination IP, resulting in poor stability.

[0013] These two types of defense strategies do not directly optimize the caching domain name server itself; instead, an external auxiliary device analyzes the attack and then notifies the caching domain name server to take specific measures to deal with it.



Embodiment Construction

[0047] The system of the present invention runs as a plug-in of a cache domain name server. The present invention will be described in detail below with reference to the drawings and specific embodiments.

[0048] As shown in Figure 3, a cache optimization method for caching domain name servers to resist the continuous variable domain name prefix attack includes the following steps:

[0049] Step 101): Build a currently popular bind9.0 cache domain name server on the virtual machine, and optimize the cache of the bind9.0 cache domain name server. First, in order to conduct experiments, there must be a data set that matches reality. We use the second-level domain name (rrr17.com) and third-level domain name (1.499aa.com) of the website being upgraded to randomly generate 100,000 invalid variable-prefix third-level domain names (*.rrr17.com) and 100,000 invalid variable-prefix fourth-level domain names (*.1.499aa.com), from which 300 domain names are r...


Abstract

The invention relates to a cache optimization method and system for resisting the continuous variable domain name prefix attack. In the method, the domain name cache server periodically counts its domain name absence records according to a set time period; when the number of domain name absence records exceeds a set threshold, it begins to aggregate the domain names automatically. The domain names are divided into a number of aggregate classes according to complete matching of their second-level and third-level domain names; if the number of elements in an aggregate class exceeds a set threshold, all the domain names in that class are aggregated into one aggregate domain name with the prefix *. For a new domain name query request, if there is no corresponding concrete record in the domain name cache server, the request is matched against the aggregate domain names; if the match succeeds, a domain name absence response is returned, otherwise the domain name query is performed at an authoritative domain name server. The cache optimization method for resisting the continuous variable domain name prefix attack has advantages such as strong cache stability, high timeliness, and savings in cache space.
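The aggregation and lookup flow described in the abstract, as an added Python example (not the patent's plug-in code). The class name, the threshold values, and the rule that a class is keyed by the name minus its leftmost label are assumptions made for illustration.

```python
from collections import defaultdict

NXDOMAIN = "NXDOMAIN"

class AggregatingNegativeCache:
    """Negative cache that folds many absent names under one parent into '*.parent'."""

    def __init__(self, total_threshold, class_threshold, authoritative):
        self.total_threshold = total_threshold  # absence records that start aggregation
        self.class_threshold = class_threshold  # class size that triggers folding
        self.authoritative = authoritative      # callable(name) -> answer or NXDOMAIN
        self.positive = {}                      # concrete positive records
        self.absent = set()                     # concrete absence records
        self.wildcards = set()                  # parents covered by an aggregate '*.parent'

    @staticmethod
    def parent_of(name):
        labels = name.rstrip(".").lower().split(".")
        # Assumption: only names whose parent is a second- or third-level domain are classed.
        return ".".join(labels[1:]) if len(labels) in (3, 4) else None

    def aggregate(self):
        """Periodic task, run once per configured time period; returns names folded."""
        if len(self.absent) <= self.total_threshold:
            return 0
        classes = defaultdict(set)
        for name in self.absent:
            parent = self.parent_of(name)
            if parent:
                classes[parent].add(name)
        folded = 0
        for parent, members in classes.items():
            if len(members) > self.class_threshold:
                self.wildcards.add(parent)      # one aggregate entry replaces the class
                self.absent -= members
                folded += len(members)
        return folded

    def resolve(self, name):
        name = name.rstrip(".").lower()
        if name in self.positive:               # concrete record is checked first
            return self.positive[name]
        if name in self.absent or self.parent_of(name) in self.wildcards:
            return NXDOMAIN                     # answered locally, no upstream query
        answer = self.authoritative(name)
        if answer == NXDOMAIN:
            self.absent.add(name)
        else:
            self.positive[name] = answer
        return answer
```

Once a parent is aggregated, any name under it that has no concrete cached record is answered as absent without reaching the authoritative server, so the two thresholds directly control how readily valid but uncached names under that parent get masked.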

Description

Technical field

[0001] The invention belongs to the technical field of network protection, and in particular relates to a cache optimization method and system for caching domain name servers to resist persistent variable domain name prefix attacks.

Background technique

[0002] A domain name is the name of a computer or computer group on the Internet, composed of a series of names separated by dots. It is used to identify the electronic location of the computer during data transmission (sometimes it also refers to the geographic location; a geographical domain name refers to a local area with administrative autonomy) and is the "mask" of IP addresses. Domain names can be divided into multiple levels. The right part of the last "." is called the top-level domain name, such as .com, .net, .org, etc. The left part of the last "." is called the second-level domain name, such as abc.com, trueland.net, etc. The left part of the second-level domain name is called the third-level domain name,...


Application Information

IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1458, H04L61/4511, H04L67/568
Inventor: 孙永, 刘晓梅, 刘庆云, 郭莉, 秦鹏, 刘洋, 刘俊朋
Owner INST OF INFORMATION ENG CAS