Netinfo Security (信息网络安全) ›› 2018, Vol. 18 ›› Issue (4): 65-71. doi: 10.3969/j.issn.1671-1122.2018.04.009


DNS Health Assessment Based on Fuzzy Comprehensive Evaluation

Yi ZHU1,2, Xingshu CHEN2, Jinghan CHEN1, Guolin SHAO1

  1. College of Computer Science, Sichuan University, Chengdu Sichuan 610065, China
  2. Cybersecurity Research Institute, Sichuan University, Chengdu Sichuan 610065, China
  • Received: 2017-10-01 Online: 2018-04-15 Published: 2020-05-11
  • About the authors:

    Yi ZHU (born 1991), male, from Sichuan, master's student; main research interests: network security and big data analysis. Xingshu CHEN (born 1968), female, from Sichuan, professor, Ph.D.; main research interests: network security, cloud computing and big data. Jinghan CHEN (born 1993), female, from Chongqing, master's student; main research interests: network security and big data analysis. Guolin SHAO (born 1991), male, from Jiangxi, doctoral student; main research interests: network security and big data analysis.

  • Funding:
    National Natural Science Foundation of China [61272447]

Abstract:

As the central nervous system of the Internet, DNS is a key node in almost all Internet applications. However, because of weaknesses in its protocol design, the security of the DNS system faces severe challenges. Monitoring and evaluating DNS traffic can support and safeguard network security. At present, most research on DNS evaluation relies on active probing or on detecting specific network attacks, but these approaches can affect the system under evaluation and do not take all relevant factors into account. To address these problems, this paper proposes a DNS health evaluation model based on fuzzy comprehensive evaluation. Based on analysis of DNS traffic data, several evaluation indicators are proposed in three categories: server working state, user usage state, and unconventional use state. The model describes and analyzes DNS activity and evaluates the state of the DNS service without affecting the DNS working environment. The method has been applied to traffic monitoring of a campus DNS server, and the actual detection results show that the model can effectively detect abnormal conditions such as user misconfiguration, DDoS-like attacks, and large-scale changes in users.

Key words: DNS traffic, health assessment, fuzzy comprehensive evaluation, network traffic detection

CLC number: