
A random sub-domain DDoS attack detection method

An attack detection and randomizer technology, applied in the field of network security, that addresses problems such as low efficiency and impact on traffic. It achieves a simple and efficient model, avoids an increase in the false positive rate, and improves adaptability and accuracy.

Active Publication Date: 2020-07-28
INST OF INFORMATION ENG CHINESE ACAD OF SCI +1

AI Technical Summary

Problems solved by technology

This will put a lot of pressure on the bandwidth, and simply adopting the blacklist method is not only inefficient but may also have a great impact on normal access traffic.


Examples


Embodiment 1

[0065] Embodiment 1. The input data in this embodiment of the present invention comes from DNS data collected by a certain gateway. The data is real data and has been desensitized. The following 10 DNS log records are used for explanation.

[0066] The data after field extraction is:

[0067]

[0068]

[0069] Data preprocessing filters the data, then parses each domain name and extracts its second-level domain name. The records are converted into a key-value pair data format, and the data is:

[0070]

[0071] Perform data aggregation steps on the preprocessed data:

[0072]

[0073]

[0074] After the data aggregation is completed, the statistics calculation step is performed, and the following results are obtained:

[0075]

[0076] Then perform threshold discrimination. From the above example, it can be seen that the selected two statistical features have a strong distinction between attack traffic and normal traffic. In the above example, it is assumed ...
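The steps of Embodiment 1 (preprocessing into key-value pairs, aggregation, statistics calculation, threshold discrimination) can be sketched as follows. This is an added example, not code or data from the patent: the log layout, the two statistical features (distinct sub-domain count and distinct-to-total ratio) and the threshold values are assumptions, since the page does not show them.

```python
from collections import defaultdict

# Constructed log lines: "<epoch> <client_ip> <qname> <rcode>". Not the patent's data.
SAMPLE_LOG = """\
1595900001 10.0.0.5 www.example.com. NOERROR
1595900001 10.0.0.6 mail.example.com. NOERROR
1595900002 10.0.0.5 www.example.com. NOERROR
1595900002 10.0.0.7 www.example.com. NOERROR
1595900003 10.0.1.9 a8f3kq.victim.test. NXDOMAIN
1595900003 10.0.1.4 zz91xw.victim.test. NXDOMAIN
1595900003 10.0.2.2 q0p7mb.victim.test. NXDOMAIN
1595900004 10.0.1.9 l2k8vd.victim.test. NXDOMAIN
1595900004 10.0.3.1 www.victim.test. NOERROR
1595900004 bad-line
"""

def to_key_value(line):
    """Preprocess one record into (second_level_domain, subdomain), or None to filter it."""
    fields = line.split()
    if len(fields) != 4:
        return None  # malformed record is filtered out
    labels = fields[2].lower().rstrip(".").split(".")
    if len(labels) < 2 or "" in labels:
        return None
    # Assumption: the last two labels form the registered domain; a real
    # deployment would consult the Public Suffix List (e.g. for co.uk).
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def aggregate(log_text):
    """Group the sub-domain parts seen in the window by second-level domain."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        kv = to_key_value(line)
        if kv:
            groups[kv[0]].append(kv[1])
    return groups

def statistics(groups):
    """Two assumed features per domain: distinct sub-domains, and distinct/total ratio."""
    return {d: (len(set(s)), len(set(s)) / len(s)) for d, s in groups.items()}

def detect(log_text, min_unique=4, min_ratio=0.8):
    """Flag domains exceeding both thresholds (threshold values are assumptions)."""
    stats = statistics(aggregate(log_text))
    return sorted(d for d, (u, r) in stats.items() if u >= min_unique and r >= min_ratio)

if __name__ == "__main__":
    print(statistics(aggregate(SAMPLE_LOG)))
    print(detect(SAMPLE_LOG))
```

Because the result is keyed by second-level domain, a flagged entry also identifies which domain the random sub-domain queries are aimed at.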


Abstract

The invention proposes a DDoS attack detection method aimed at DNS servers. The DNS server is an important piece of public infrastructure in the network environment. To cause a DNS denial of service, malicious attackers send a large number of forged query requests to open DNS resolvers that allow recursion, making DNS servers unable to respond to normal requests by exhausting DNS computing resources and bandwidth. The problem addressed by the inventors is a new type of attack against the DNS server: through a botnet under their control, attackers send a large number of domain name resolution requests carrying random sub-domain names of a target domain to the authoritative server that resolves that domain, using up DNS server resources. The inventors propose a detection method based on statistics to deal with this DDoS attack. It can not only accurately detect the occurrence of random sub-domain DDoS attacks, but also confirm which domain name the DDoS attack was launched against, so that follow-up defense work can be carried out on this basis.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a method for detecting DDoS attacks that use random sub-domain names against the authoritative DNS server to which a domain name belongs. It is mainly used for DNS traffic protection of traffic operators or large service providers and content providers.

Background technique

[0002] The DNS protocol is a very important network protocol, and the DNS server is an important piece of public infrastructure in the network environment. Precisely because DNS provides basic services on the Internet, security protection systems do not impose any restrictions on queries, so attacks on DNS can be disguised as normal query access. DNS servers are completely exposed to attacks and basically cannot be protected by security protection systems such as firewalls and IDS. Moreover, DNS lacks an authentication mechanism, and the data is not encrypted during transmission, which is easy to be inte...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/12, H04L12/24, H04L12/26
CPC: H04L41/142, H04L41/145, H04L63/1416, H04L63/1425, H04L63/1458, H04L43/16, H04L41/0681, H04L61/4511
Inventor: 王利明, 罗熙, 张勇涛, 杨婧, 王静, 田甜
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI