DNS tunnel detection method and DNS tunnel detection device

A DNS tunnel detection method and detection device, applied in the Internet field, addressing the problem that an existing method is not an effective DNS tunnel defense method.

Active Publication Date: 2018-01-05
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

Therefore, this method is not an effective DNS tunnel defense method


Embodiment Construction

[0070] This embodiment provides a DNS tunnel detection method. The specific steps of the DNS tunnel detection method are described in detail below with reference to Figure 1.

[0071] Step 101, acquiring passive DNS data.

[0072] Passive DNS, as used in this embodiment, is a technique for recording the resource records of authoritative DNS resolution results by analyzing communication between DNS servers.

[0073] Passive DNS data is very commonly used in malware analysis. Passive DNS data does not contain DNS tunnel client information, which avoids infringing user privacy. Therefore, many companies and institutions around the world have built Passive DNS databases and share the data.

[0074] The method shown in this embodiment is based on the analysis of Passive DNS data, does not involve client user information, and fully protects the privacy of users. Passive DNS data can also be exchanged with the data sources of multiple companies in the world, and c...


Abstract

The embodiment of the invention discloses a DNS tunnel detection method and a DNS tunnel detection device. The method comprises the steps of: identifying a plurality of main domain names included in passive DNS data; building at least one detection domain corresponding to the main domain names, wherein the number of domain names included in the detection domain is less than or equal to a first threshold; if the detection domain includes a DNS wildcard domain name, discarding the DNS wildcard domain name from the detection domain; and identifying the detection domain that is used for a DNS tunnel.

With the method and the device provided by the invention, no client user information is involved in the detection process, so invasion of privacy is avoided. The large number of insignificant subdomain records produced by wildcard domain names can be discarded: records generated by a wildcard are filtered out, which eliminates the case where these insignificant records make one domain appear to have many abnormal subdomains. Once a detection domain used for a DNS tunnel is determined, defense can be applied to that detection domain, which prevents a malicious client from building a DNS tunnel with an external DNS server and ensures security during data transmission.
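A minimal sketch of the pipeline the abstract describes, added here as an illustration and not taken from the patent: group passive DNS records by main domain, cap each detection domain at a first threshold, discard wildcard-generated names, then score what remains. The threshold values, the two-label main-domain rule, the shared-answer wildcard test and the label-entropy score are assumptions of this example; the page does not say how the patent performs those steps.

```python
import hashlib
import math
from collections import Counter, defaultdict

FIRST_THRESHOLD = 1000   # assumed cap on names kept per detection domain
WILDCARD_SHARE = 3       # assumed: an answer shared by >= 3 names marks a wildcard
MIN_NAMES = 4            # assumed minimum surviving names before scoring
ENTROPY_LIMIT = 3.0      # assumed mean bits/char that marks encoded labels

def main_domain(qname):
    # Simplification: last two labels; real data needs the Public Suffix List.
    return ".".join(qname.split(".")[-2:])

def entropy(text):
    return -sum(n / len(text) * math.log2(n / len(text))
                for n in Counter(text).values())

def detect_tunnels(records):
    """records: (qname, rrtype, rdata) tuples from a passive DNS feed."""
    domains = defaultdict(dict)              # main domain -> {qname: answers}
    for qname, rrtype, rdata in records:
        q = qname.rstrip(".").lower()
        names = domains[main_domain(q)]
        if q in names or len(names) < FIRST_THRESHOLD:
            names.setdefault(q, set()).add((rrtype, rdata))
    flagged = {}
    for dom, names in domains.items():
        shared = Counter(a for answers in names.values() for a in answers)
        # Discard names whose answers are all wildcard-style shared answers.
        kept = [q for q, answers in names.items() if q != dom
                and not all(shared[a] >= WILDCARD_SHARE for a in answers)]
        if len(kept) < MIN_NAMES:
            continue
        score = sum(entropy(q[:-len(dom) - 1].replace(".", ""))
                    for q in kept) / len(kept)
        if score >= ENTROPY_LIMIT:
            flagged[dom] = round(score, 2)
    return flagged

def sample_records():
    # Constructed passive DNS records; all names and addresses are made up.
    rnd = lambda i: hashlib.sha256(b"%d" % i).hexdigest()[:40]
    recs = [(f"{rnd(i)}.t.tunnel-demo.example", "TXT", f"resp-{i}")
            for i in range(6)]
    recs += [(f"{rnd(i)[:8]}.wild-demo.example", "A", "192.0.2.10")
             for i in range(10, 15)]
    recs += [(f"{h}.shop-demo.example", "A", f"198.51.100.{n}")
             for n, h in enumerate(["www", "mail", "api", "static"], 1)]
    return recs

if __name__ == "__main__":
    print(detect_tunnels(sample_records()))
```

Because only names and answers are read, the input carries no client addresses, which matches the privacy property the abstract claims for passive DNS data.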

Description

Technical field

[0001] The invention relates to the technical field of the Internet, in particular to a DNS tunnel detection method and a DNS tunnel detection device.

Background technique

[0002] The Domain Name System (DNS) is one of the most critical basic services of the Internet. It maps domain names and IP addresses to each other, so that people can easily access the Internet without having to memorize complicated IP addresses. The DNS protocol is basically not intercepted by firewall policies. Even in an enterprise internal network, a DNS server is required for domain name resolution. Moreover, in order to resolve domain names on the Internet, the DNS server within the enterprise needs to communicate with other DNS servers on the Internet, which creates the conditions for building covert channels based on the DNS protocol. Since the DNS tunnel client only needs to request t...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
Inventor: 章思宇, 姜开达, 张竞
Owner: HUAWEI TECH CO LTD