Domain name service risk assessment method and system based on DNS resolution dependence

A risk assessment and domain name service technology, applied in the field of domain name service risk assessment based on DNS resolution dependence. It addresses problems such as Internet network failures, outsized impact on the whole system, and paralysis of telecom DNS services, and achieves comprehensive assessment and accurate risk calculation.

Inactive Publication Date: 2019-11-19
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

However, in a chain reaction, when the Storm client could not get resolution from DNSPod, it turned to the local telecom's DNS and issued a massive volume of queries. This paralyzed the local telecom's DNS service and ultimately caused large-scale Internet network failures in succession across Beijing, Tianjin, Shanghai, Hebei, Shanxi, Anhui, Hubei, Guangdong, Guangxi and other provinces.
It can be seen that in DNS, the failure of one link in the resolution process may have a huge impact on the normal operation of the entire system.

Examples


Embodiment Construction

[0056] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific implementations described here are only used to explain the present invention, not to limit the present invention.

[0057] The technical scheme of the present invention includes four modules: acquiring data, constructing a dependency graph, generating a logic tree, and calculating a risk value. The relationship between the four modules and the data flow is shown in Figure 1.

[0058] 1. Get data

[0059] The present invention collects data by passively collecting DNS traffic. A records, AAAA records, CNAME records, and NS records are extracted from Passive DNS and stored in the database for subsequent dependency graph construction.

[0060] 2. Build a dependency graph

[0061] For the ...


Abstract

The invention discloses a domain name service risk assessment method and system based on DNS (Domain Name System) resolution dependence. They are used to determine the zones, domain names and servers on which the resolution of a given domain name depends, and can calculate the risk to successful resolution of the given domain name when the risk of the related servers is known. The method comprises the following steps: extracting four types of resource records (A, AAAA, CNAME and NS) from passively acquired DNS data; constructing a resource record dependency graph for the resolution of the given domain name by using the parent zone dependence, name server dependence, alias dependence and server dependence in the domain name resolution process; converting the resource record dependency graph into a logic relationship tree by using the relationships among the four dependencies; and calculating a risk value for normal resolution of the given domain name from the bottom up by using the risk evaluation values of the servers in the logic relationship tree.
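The four steps in the abstract can be sketched as follows; this is an added example, not code from the patent. The page does not give the combination formulas, so the AND/OR rules under independent failures, the handling of in-zone glue loops, and all record and risk values (`RECORDS`, `SERVER_RISK`) are assumptions of this example.

```python
from math import prod

# Constructed passive-DNS rows (owner, type, value); names and IPs are illustrative.
RECORDS = [
    ("test.", "NS", "a.nic.test."), ("a.nic.test.", "A", "192.0.2.1"),
    ("example.test.", "NS", "ns1.example.test."),
    ("example.test.", "NS", "ns.hoster.test."), ("ns1.example.test.", "A", "192.0.2.10"),
    ("hoster.test.", "NS", "ns.hoster.test."), ("ns.hoster.test.", "A", "192.0.2.20"),
    ("www.example.test.", "CNAME", "cdn.hoster.test."),
]
# Assumed per-server failure probabilities (the method's input; values constructed).
SERVER_RISK = {"192.0.2.1": 0.01, "192.0.2.10": 0.2, "192.0.2.20": 0.1}

RR = {}
for owner, rtype, value in RECORDS:
    RR.setdefault((owner, rtype), []).append(value)

def all_needed(*risks):   # AND node: fails if any child fails (assumed independent)
    return 1 - prod(1 - r for r in risks)
def any_suffices(risks):  # OR node: fails only if every child fails
    return prod(risks)

def zone_of(name, strict=False):
    """Closest enclosing zone that has NS data (the proper parent if strict)."""
    labels = name.split(".")
    for i in range(1 if strict else 0, len(labels) - 1):
        zone = ".".join(labels[i:])
        if (zone, "NS") in RR:
            return zone
    return None

def zone_risk(zone, path=frozenset()):
    if zone is None or zone in path:  # no data above, or in-zone glue loop
        return 0.0
    path = path | {zone}
    ns_risks = [all_needed(zone_risk(zone_of(ns), path),            # NS name resolvable
                           any_suffices([SERVER_RISK.get(ip, 1.0)   # server dependence
                                         for t in ("A", "AAAA")
                                         for ip in RR.get((ns, t), [])]))
                for ns in RR[(zone, "NS")]]
    return all_needed(zone_risk(zone_of(zone, strict=True), path),  # parent zone
                      any_suffices(ns_risks))                       # name servers

def name_risk(name, seen=frozenset()):
    if name in seen:  # a CNAME loop never resolves
        return 1.0
    risk = zone_risk(zone_of(name))
    for target in RR.get((name, "CNAME"), []):  # alias dependence
        risk = all_needed(risk, name_risk(target, seen | {name}))
    return risk
```

Shared nodes such as the `test.` zone are counted once per branch, as in a tree, so the result is an upper-leaning estimate when branches overlap.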

Description

Technical field

[0001] The present invention relates to the fields of cyberspace security and risk assessment, in particular to a domain name service risk assessment method and system based on DNS resolution dependency.

Background technique

[0002] The Domain Name System (hereinafter referred to as DNS) is a basic service of the Internet. It serves as a distributed database that maps domain names and IP addresses to each other, enabling people to access the Internet more conveniently. The proper functioning of the Internet is inseparable from DNS. Every web page visited, every email sent, and every picture retrieved from social media: all of these interactions go through DNS to translate easy-to-use domain names like icann.org into the IP addresses (such as 192.0.43.7 and 2001:500:88:200::7) that servers, routers, and other network devices need to route traffic to the appropriate destination on the Internet. DNS has a hierarchical structur...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/14, H04L63/1441, H04L63/20, H04L69/22, H04L61/4511
Inventor: 罗蒙, 姜政伟, 汪秋云, 任房利, 汪姝玮, 辛丽玲
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI