A cache optimization method and system for resisting persistent domain name prefix attack

A cache optimization and domain name change technology, applied in transmission systems, electrical components, etc., that addresses problems such as poor stability, forged data packets, and large overall impact, and achieves the effects of ensuring stability, saving space, and ensuring effectiveness.

Active Publication Date: 2018-04-27
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

If the total count or the change frequency of the destination IP exceeds the set threshold, a domain name prefix change attack is considered to have occurred, and the defense either discards the packets or sends false response packets. The disadvantages are:
(1) High overhead: a bypass traffic analysis system must be set up to capture and store domain name query packets in real time and to statistically analyze the number of destination IPs across all packets, so both the computation overhead and the storage overhead are large.
(2) Poor stability: the threshold for the total count or change frequency of the destination IP is not unique and varies, which has a large overall impact. Data packets can also be forged, which interferes with the destination IP analysis and results in poor stability.
[0013] These two types of defense strategies do not directly optimize the caching domain name server itself. Instead, an external auxiliary device analyzes the attack and then notifies the caching domain name server to take specific measures against it.

Examples

Embodiment Construction

[0047] The system of the present invention runs as a plug-in of the caching domain name server. The present invention is described in detail below with reference to the accompanying drawings and specific embodiments.

[0048] As shown in Figure 3, a caching optimization method for caching domain name servers to resist persistent domain name prefix attacks includes the following steps:

[0049] Step 101): Build a currently popular bind9.0 caching domain name server on a virtual machine, and perform caching optimization on the bind9.0 caching domain name server. First, in order to conduct experiments, datasets that match reality are needed. We use the second-level domain name (rrr17.com) and third-level domain name (1.499aa.com) of the website being upgraded to randomly generate 100,000 invalid third-level domain names with variable prefixes (*.rrr17.com) and 100,000 invalid fourth-level domain names with variable prefixes...

Abstract

The invention relates to a caching optimization method and system for resisting attacks that continuously change domain name prefixes. The method includes: at every set interval, the caching domain name server counts its records of non-existent domain names and starts automatic domain name aggregation when those records exceed a set threshold; the non-existent domain names are divided into multiple aggregation categories by exact match of the domain name, and if the number of elements in an aggregation category exceeds the set threshold, all the domain names in that category are aggregated into a single aggregate domain name prefixed with *; for a new domain name query request, if the caching domain name server has no corresponding specific record, the query is matched against the aggregated domain names. If the match succeeds, a response that the domain name does not exist is returned; otherwise, the query is sent to the authoritative domain name server. The method of the invention has the advantages of strong cache stability, high real-time performance, savings in cache space, and the like.
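The aggregation and lookup flow described in the abstract, as an added Python sketch; it is not the patent's plug-in code. The class and method names, the threshold values, the rule that an aggregation category is the name minus its leftmost label, and the guard against collapsing a bare top-level domain are assumptions made for illustration, and the sample names and address are constructed.

```python
from collections import defaultdict
class NegativeCache:
    """Toy model of a resolver's NXDOMAIN store with '*'-prefix aggregation."""
    def __init__(self, total_threshold, group_threshold):
        self.total_threshold = total_threshold  # NXDOMAIN count that starts aggregation
        self.group_threshold = group_threshold  # names per category needed to collapse it
        self.positive = {}       # name -> address; specific records win over aggregates
        self.nxdomain = set()    # individual non-existent-name records
        self.aggregates = set()  # parent domains, each standing for "*.parent"

    @staticmethod
    def parent(name):
        # Assumption: the aggregation category is the name minus its leftmost label.
        return name.rstrip(".").lower().partition(".")[2]

    def record_nxdomain(self, name):
        self.nxdomain.add(name.rstrip(".").lower())

    def aggregate(self):
        # Periodic pass; returns the parents newly collapsed into "*.parent".
        if len(self.nxdomain) <= self.total_threshold:
            return []
        groups = defaultdict(set)
        for name in self.nxdomain:
            groups[self.parent(name)].add(name)
        collapsed = []
        for parent, names in groups.items():
            # Added guard (assumption): never collapse to a bare TLD such as "*.com".
            if "." in parent and len(names) > self.group_threshold:
                self.aggregates.add(parent)
                self.nxdomain -= names  # one wildcard entry replaces them all
                collapsed.append(parent)
        return sorted(collapsed)

    def lookup(self, name):
        name = name.rstrip(".").lower()
        if name in self.positive:
            return "ANSWER"
        if name in self.nxdomain or self.parent(name) in self.aggregates:
            return "NXDOMAIN"
        return "FORWARD"  # no record and no aggregate match: ask the authoritative server

def demo():
    cache = NegativeCache(total_threshold=5, group_threshold=3)
    cache.positive["www.rrr17.com"] = "192.0.2.10"  # constructed valid record
    for i in range(6):
        cache.record_nxdomain(f"x{i}.rrr17.com")    # constructed random-prefix names
    cache.record_nxdomain("typo.example.org")
    names = ("new9.rrr17.com", "www.rrr17.com", "typo.example.org", "other.example.org")
    return cache.aggregate(), [cache.lookup(n) for n in names]
```

In this sketch a valid name under an aggregated parent resolves only while its specific record is still cached; once that record expires, the wildcard entry answers for it until the aggregate itself is removed.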

Description

Technical field

[0001] The invention belongs to the technical field of network protection, and in particular relates to a caching optimization method and system for caching domain name servers to resist attacks of continuously changing domain name prefixes.

Background technique

[0002] A domain name is the name of a computer or computer group on the Internet, consisting of a string of dot-separated names, used to identify the electronic location of the computer during data transmission (sometimes it also refers to a geographical location; a geographical domain name refers to a local area with administrative autonomy). It is the "mask" of the IP address. Domain names can be divided into multiple levels, and the part to the right of the last "." is called the top-level domain name, such as .com, .net, .org, etc. The part to the left of the last "." is called the second-level domain name, such as abc.com, trueland.net, etc. The left part of the second-level domain name is called the...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1458, H04L61/4511, H04L67/568
Inventor: 孙永, 刘晓梅, 刘庆云, 郭莉, 秦鹏, 刘洋, 刘俊朋
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI