
Method and device for filtering DNS tunnel Trojan horse communication data

A technique for filtering DNS tunnel Trojan horse communication data. It addresses the problems of increased difficulty in analyzing DNS tunneling traffic, increased system resource overhead, and an increased misjudgment rate, with the effect of reducing the number of messages, preventing sabotage, and reducing pressure.

Active Publication Date: 2021-03-26
INTERNET DOMAIN NAME SYST BEIJING ENG RES CENT

AI Technical Summary

Problems solved by technology

In network communication, 99% of messages are whitelisted. When all messages are collected, however, analyzing too many redundant messages increases system resource overhead and makes DNS tunnel traffic harder to analyze; that is, the misjudgment rate rises and the recognition rate falls.



Examples


Embodiment Construction

[0035] The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are preferred modes of implementing the present invention; the description illustrates the general principle of the present invention and is not intended to limit its scope. The scope of protection of the present invention is defined by the claims. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

[0036] As shown in Figure 1, Figure 2 and Figure 3, an embodiment of the present invention provides a method for filtering DNS tunneling Trojan horse communication data, the method comprising:

[0037] When the ...


Abstract

The invention relates to the technical field of Internet domain names and discloses a method and device for filtering DNS tunnel Trojan horse communication data. The method comprises filtering and screening DNS tunnel Trojan horse traffic multiple times when a request message from an enterprise intranet, and a response message transmitted to the enterprise intranet, arrive at a DNS server. The multiple filtering and screening comprises: performing a first separation and screening by judging whether the request message hits a local DNS cache or DNS authority; performing a second separation and screening by judging whether the request message falls into a set black and white list database; and performing a third separation and screening by judging whether the data source of the response message is intranet traffic or extranet traffic. Based on the deployment scenario of the DNS server and the interaction characteristics of the DNS tunnel Trojan horse, the three-stage filtering reduces as far as possible the number of messages sent to the tunnel module, so that the efficiency of DNS tunnel Trojan horse checking and the performance of the whole system are greatly improved, and the burden that DNS tunnel traffic analysis places on security equipment is reduced.
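The three separations named in the abstract, sketched as an added example (not code from the patent or its applicant). The `Exchange` record, the verdict strings, the action taken at each stage, the label-boundary suffix matching and all domain names are assumptions made for illustration; the abstract states only what each stage tests.

```python
from dataclasses import dataclass

def norm(name):
    return name.rstrip(".").lower()  # stable form: lower-case, no root dot

def in_zone(name, zones):  # True if name is a zone or a subdomain (label boundary)
    name = norm(name)
    return any(name == z or name.endswith("." + z) for z in zones)

@dataclass
class Exchange:            # hypothetical record: one request plus its response
    qname: str
    response_source: str   # "intranet" or "extranet" (assumed labels)

class ThreeStageFilter:
    def __init__(self, cache, authority_zones, whitelist, blacklist):
        self.cache = {norm(n) for n in cache}
        self.authority = {norm(z) for z in authority_zones}
        self.whitelist = {norm(z) for z in whitelist}
        self.blacklist = {norm(z) for z in blacklist}

    def classify(self, ex):
        # Stage 1: request hits the local cache or an authoritative zone.
        if norm(ex.qname) in self.cache or in_zone(ex.qname, self.authority):
            return "skip:local"
        # Stage 2: black/white list database; blacklist wins (assumed policy).
        if in_zone(ex.qname, self.blacklist):
            return "block:blacklist"
        if in_zone(ex.qname, self.whitelist):
            return "skip:whitelist"
        # Stage 3: response data source; intranet is set aside (assumed).
        if ex.response_source == "intranet":
            return "skip:intranet"
        return "analyze:tunnel-module"

# Constructed sample data, not taken from the patent.
FILTER = ThreeStageFilter(cache=["www.example.com."], authority_zones=["corp.example"],
                          whitelist=["example.com"], blacklist=["bad.example.net"])
SAMPLES = [Exchange("www.example.com", "extranet"),
           Exchange("hr.corp.example", "intranet"),
           Exchange("x1.bad.example.net", "extranet"),
           Exchange("cdn.example.com", "extranet"),
           Exchange("evilexample.com", "extranet"),
           Exchange("printer.lab.example", "intranet"),
           Exchange("a9f3k2q7.t.example.org", "extranet")]

def run():
    return [FILTER.classify(ex) for ex in SAMPLES]

print(*zip((s.qname for s in SAMPLES), run()), sep="\n")
```

Only two of the seven constructed exchanges reach the tunnel module; `evilexample.com` is one of them because the whitelist match requires a label boundary, so it is not mistaken for a subdomain of `example.com`.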

Description

Technical field

[0001] The invention relates to the technical field of Internet domain names, in particular to a method and device for filtering DNS tunnel Trojan horse communication data.

Background technique

[0002] With the development of the Internet, the country has launched network protection operations in recent years. Commonly used tunnel attacks such as ICMP and SSH have become more and more difficult to carry out successfully, because they can be blocked by simple firewall policies, so most attackers use DNS tunnel attacks. The DNS protocol is one of the essential network communication protocols, and communication through a DNS tunnel is more covert, so DNS tunnel protection has become the top priority. At present, most DNS tunnel protection is deployed directly at the egress of the gateway or on the DNS server, collecting all network traffic and performing feature extraction, analysis and identification.

[0003] Therefore, it is problematic to deploy and collect al...


Application Information

IPC(8): H04L29/06, H04L29/12, H04L12/46
CPC: H04L63/0227, H04L63/101, H04L12/4633, H04L61/4511
Inventor: 郭爱杰, 孙浩然, 吴琦, 邢志杰, 毛伟
Owner: INTERNET DOMAIN NAME SYST BEIJING ENG RES CENT