Random sub-domain name DDoS attack detection method

An attack detection and randomizer technology, applied in the field of network security, that addresses problems such as low efficiency and traffic impact. It yields a simple and efficient model and a simple and robust classifier, and avoids an increase in the false positive rate.

Active Publication Date: 2018-10-19
INST OF INFORMATION ENG CAS +1

AI Technical Summary

Problems solved by technology

This will put a lot of pressure on the bandwidth, and if the blacklist method is simply adopt


Examples


Embodiment 1

[0065] Embodiment 1. The input data in this embodiment of the present invention comes from DNS data collected by a certain gateway. The data is real data and has been desensitized. The following 10 DNS log records are used for explanation.

[0066] The data after field extraction is:

[0067]

[0068]

[0069] After data preprocessing, filtering data, parsing and extracting the second-level domain name of the domain name, it is converted into a key-value pair data format, and the data is:

[0070]

[0071] Perform data aggregation steps on the preprocessed data:

[0072]

[0073]

[0074] After the data aggregation is completed, the statistics calculation step is performed, and the following results are obtained:

[0075]

[0076] Then perform threshold discrimination. From the above example, it can be seen that the selected two statistical features have a strong distinction between attack traffic and normal traffic. In the above example, it is assumed that ...
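The steps of this embodiment (preprocessing into key-value pairs, aggregation per second-level domain, statistics calculation, threshold discrimination) can be sketched as follows. This is an added example, not code from the patent. The log records are constructed, and because the page does not name the two statistical features or the thresholds, the unique sub-domain ratio, the mean character entropy and the threshold values used here are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample records (timestamp, client, query name); not the patent's data.
SAMPLE_LOG = [
    (1, "10.0.0.5", "x7k2qpz9.victim.example"), (1, "10.0.0.9", "www.shop.example"),
    (1, "10.0.1.7", "a9f3mwt1.victim.example"), (2, "10.0.0.9", "mail.shop.example"),
    (2, "10.0.2.3", "q2z8hrb5.victim.example"), (2, "10.0.0.4", "shop.example"),
    (3, "10.0.3.8", "m4c6ynd0.victim.example"), (3, "10.0.0.4", "www.shop.example"),
    (3, "10.0.4.2", "t1v5kxe3.victim.example"), (4, "10.0.0.6", "api.shop.example"),
]
# Assumed thresholds; a deployment would fit them to its own baseline traffic.
MIN_QUERIES, MIN_UNIQUE_RATIO, MIN_MEAN_ENTROPY = 4, 0.8, 2.5

def preprocess(records):
    """Filter records and emit (second-level domain, sub-domain) key-value pairs."""
    for _ts, _client, qname in records:
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3 or not all(labels):
            continue  # no sub-domain part or malformed name: filtered out
        # Assumption: the last two labels form the second-level domain
        # (a real pipeline would consult the Public Suffix List).
        yield ".".join(labels[-2:]), ".".join(labels[:-2])

def aggregate(pairs):
    """Group the sub-domains seen in the window by second-level domain."""
    groups = defaultdict(list)
    for sld, sub in pairs:
        groups[sld].append(sub)
    return groups

def entropy(text):
    """Shannon entropy of the characters in text, in bits."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def statistics(groups):
    """Per-domain features: query count, unique sub-domain ratio, mean entropy."""
    stats = {}
    for sld, subs in groups.items():
        stats[sld] = {"queries": len(subs), "unique_ratio": len(set(subs)) / len(subs),
                      "mean_entropy": sum(map(entropy, subs)) / len(subs)}
    return stats

def detect(records):
    """Threshold discrimination: return the domains whose features exceed all limits."""
    stats = statistics(aggregate(preprocess(records)))
    return sorted(sld for sld, s in stats.items()
                  if s["queries"] >= MIN_QUERIES and s["unique_ratio"] >= MIN_UNIQUE_RATIO
                  and s["mean_entropy"] >= MIN_MEAN_ENTROPY)

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Because the statistics are keyed by second-level domain, the output names the domain under attack rather than only signalling that an attack is in progress.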


Abstract

The invention provides a DDoS attack detection method for a DNS server. The DNS server is an important public infrastructure in a networked environment. To make DNS refuse service, a malicious attacker sends a large number of forged query requests to an open DNS resolver that allows recursion, exhausting the computing resources and bandwidth of the DNS so that the DNS server cannot respond to normal requests. The problem addressed by the inventors is a novel attack type against DNS servers: through a botnet under the attacker's control, a large number of domain name resolution requests carrying random sub-domain names of a domain are sent to the authoritative server that resolves that domain, in order to exhaust the resources of the DNS server. The inventors provide a detection approach for this DDoS attack based on a statistical method. Not only can the occurrence of a random sub-domain name DDoS attack be detected accurately, but the domain name against which the attack is directed can also be identified, and subsequent defense work can be carried out on that basis.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a method for detecting DDoS attacks that use random sub-domain names against the authoritative DNS server to which a domain name belongs. It is mainly used for DNS traffic protection by traffic operators or large service providers and content providers.

Background technique

[0002] The DNS protocol is a very important network protocol. The DNS server is an important public infrastructure in the network environment. Precisely because DNS provides basic services on the Internet, security protection systems impose no restrictions on queries, so attacks on DNS can be disguised as normal query access. DNS servers are completely exposed to attacks, and basically cannot be protected by security protection systems such as firewalls and IDS. Moreover, DNS lacks an authentication mechanism, and the data is not encrypted during transmission, which is easy to be inte...


Application Information

IPC(8): H04L29/06, H04L29/12, H04L12/24, H04L12/26
CPC: H04L41/142, H04L41/145, H04L63/1416, H04L63/1425, H04L63/1458, H04L43/16, H04L41/0681, H04L61/4511
Inventor: 王利明, 罗熙, 张勇涛, 杨婧, 王静, 田甜
Owner: INST OF INFORMATION ENG CAS