DNS hijacking detection method and device

A detection method and DNS service technology, applied in the field of network security, that can solve problems such as high labor cost, low efficiency, and inconsistency.

Active Publication Date: 2020-02-28
WUHAN GREENET INFORMATION SERVICE

AI Technical Summary

Problems solved by technology

At present, many detection methods for DNS hijacking exist. For example, operators of certain websites and search engines usually rely on user feedback from forums and other public platforms, then contact the users to reproduce the hijacking so that they can take screenshots and collect evidence. This method cannot detect and reproduce hijacking in a timely and proactive manner, and it has high labor costs and low efficiency.
As another example, an IoT security defense platform compares the resolution results obtained on the terminal with the resolution results of a cloud DNS to determine whether DNS hijacking has occurred. The resolution results may be incomplete or inconsistent, causing false positives or false negatives in the detection.
Moreover, it is difficult for these traditional detection methods to effectively determine the keywords that DNS hijacking matches on.


Examples


Embodiment 1

[0051] The embodiment of the present invention provides a DNS hijacking detection method, mainly aimed at DNS hijacking of the DNS-packet-modification type occurring in the network. Before the detection method is introduced, its detection principle and detection idea are described. The detection method provided by the present invention is mainly based on the following detection principle:

[0052] During the entire process of DNS message transmission, if a DNS message is modified at any link, a false DNS resolution record will be obtained; for example, if the DNS request is to resolve the IP address of a domain name, a false IP address is returned. The real DNS request process and the hijacked DNS request process differ in many respects; the most important difference lies in the handling of fake domain names and fake DNS servers. If we request a domain name that does not exist, a normal non-hi...

Embodiment 2

[0099] On the basis of the DNS hijacking detection method provided in Embodiment 1 above, the present invention also provides a DNS hijacking detection device that can be used to implement that method. Figure 7 shows a schematic diagram of the device architecture of this embodiment. The device for detecting DNS hijacking in this embodiment includes one or more processors 21 and a memory 22. In Figure 7, one processor 21 is taken as an example.

[0100] The processor 21 and the memory 22 may be connected via a bus or in other ways; Figure 7 takes connection via a bus as an example.


Abstract

The invention relates to the technical field of network security, and in particular to a DNS hijacking detection method and device. The method comprises the following steps: randomly generating a non-existent fake domain name as a test main domain name; generating a plurality of test sub-domain names based on the test main domain name to form a first test sub-domain name set; initiating a batch of DNS resolution requests to a first DNS server using the first test sub-domain name set, wherein the first DNS server is a real DNS server; checking the DNS response results and judging whether DNS hijacking exists according to whether each test sub-domain name in the first test sub-domain name set is resolved; and, if a test sub-domain name is resolved, determining that DNS hijacking exists and determining the keywords of the DNS hijacking. By actively issuing DNS requests and probing in batches with a large number of fake sub-domain names, the method can quickly and accurately detect whether DNS hijacking exists and can identify the keywords that the DNS hijacking matches on.
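The steps listed in the abstract, as an added Python example (not code from the patent). The function names, the candidate keyword list, the scheme of using each candidate keyword as the sub-domain label, and the simulated resolver with its 192.0.2.1 answer are assumptions made for illustration.

```python
import secrets
import socket
import string

def random_main_domain(tld="com", length=20):
    """Step 1: random main domain that is overwhelmingly unlikely to exist."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length)) + "." + tld

def build_test_set(main_domain, labels):
    """Step 2: one test sub-domain per candidate keyword (assumed scheme)."""
    return {label: f"{label}.{main_domain}" for label in labels}

def system_resolve(name):
    """Ask the configured DNS server; [] means no address (e.g. NXDOMAIN)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def simulated_hijacker(name, keywords=("bank", "pay")):
    """Constructed stand-in for a path that rewrites keyword-matching queries."""
    first_label = name.split(".")[0]
    return ["192.0.2.1"] if any(k in first_label for k in keywords) else []

def detect_hijack(labels, resolve=system_resolve, main_domain=None):
    """Steps 3-5: batch-resolve the set; any answer for a fake name is hijacking."""
    main_domain = main_domain or random_main_domain()
    answers = {}
    for label, fqdn in build_test_set(main_domain, labels).items():
        ips = resolve(fqdn)
        if ips:  # a non-existent name must never resolve
            answers[label] = ips
    return {"main_domain": main_domain, "hijacked": bool(answers),
            "keywords": sorted(answers), "answers": answers}

if __name__ == "__main__":
    candidates = ["www", "bank", "pay", "mail"]  # constructed keyword list
    print(detect_hijack(candidates, resolve=simulated_hijacker))
```

Calling `detect_hijack(candidates)` without the `resolve` argument sends the same test set to the DNS server configured on the host.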

Description

【Technical field】

[0001] The invention belongs to the technical field of network security, and in particular relates to a detection method and device for DNS hijacking.

【Background technique】

[0002] The Domain Name System (DNS for short) is an online distributed database system with a hierarchical tree structure, which consists of the following roles: DNS client, forwarding DNS server, resolving DNS server, and authoritative domain name server, as shown in Figure 1. The resolving DNS server is also called the recursive DNS server.

[0003] A DNS client is a program that makes DNS requests, such as a browser, an operating system, or the dig command-line tool. It is responsible for initiating DNS requests, and the target of those requests is a forwarding DNS server or a resolving DNS server.

[0004] A forwarding DNS server means that it is not responsible for resolving domain names to IP addresses, but forwards DNS requests to another forwarding DNS server or...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L61/10, H04L63/1466, H04L61/4511
Inventor: 侯贺明, 叶志钢, 黄华桥, 程波, 曾伟, 李竞
Owner WUHAN GREENET INFORMATION SERVICE