基于模糊综合评价模型的DNS健康度评估

doi:10.3969/j.issn.1671-1122.2018.04.009

信息网络安全 ›› 2018, Vol. 18 ›› Issue (4): 65-71.doi: 10.3969/j.issn.1671-1122.2018.04.009

基于模糊综合评价模型的DNS健康度评估

朱毅^1,², 陈兴蜀²(), 陈敬涵¹, 邵国林¹

1.四川大学计算机学院, 四川成都 610065
2.四川大学网络空间安全研究院, 四川成都 610065

收稿日期:2017-10-01 出版日期:2018-04-15 发布日期:2020-05-11
作者简介:
作者简介：朱毅(1991—), 男, 四川,硕士研究生, 主要研究方向为网络安全、大数据分析; 陈兴蜀(1968—), 女, 四川,教授, 博士, 主要研究方向为网络安全、云计算与大数据; 陈敬涵(1993—), 女, 重庆,硕士研究生, 主要研究方向为网络安全、大数据分析; 邵国林(1991—), 男, 江西,博士研究生, 主要研究方向网络安全、大数据分析。
基金资助:
国家自然科学基金[61272447]

DNS Health Assessment Based on Fuzzy Comprehensive Evaluation

Yi ZHU^1,², Xingshu CHEN²(), Jinghan CHEN¹, Guolin SHAO¹

1.College of Computer Science, Sichuan University, Chengdu Sichuan 610065, China
2. Cybersecurity Research Institute, Sichuan University, Chengdu Sichuan 610065, China

Received:2017-10-01 Online:2018-04-15 Published:2020-05-11

摘要/Abstract

摘要：

DNS作为互联网的中枢神经系统,是几乎所有互联网应用中的关键节点,但由于其本身协议设计的脆弱性,DNS系统的安全性正面临着严峻的考验。对DNS流量进行检测与评估可以为网络安全提供保障和支持,现阶段国内外研究人员对DNS的评估大多是通过主动探测或针对特定网络攻击活动的检测来实现,但此类方法存在影响测评系统以及考虑不完全的情况。文章基于模糊综合评价法对DNS流量数据进行分析,针对服务器工作状态、用户使用情况以及非常规使用状态这3类情况提出了多项影响因素,描述并分析了DNS的活动情况,达到了在不影响DNS工作环境基础上对DNS活动进行检测和评估。目前该方法已应用于校园DNS服务器的流量监测中,实际的检测结果表明,该模型可以有效地检测用户错误配置、类DDoS攻击以及用户大规模变化等多种异常状况。

关键词: DNS流量, 健康度评估, 模糊综合评价, 网络流量检测

Abstract:

DNS is the key node in almost all Internet applications and is considered as the central nervous system of the Internet. However, due to the vulnerability of its protocol design, the security of DNS system is facing severe challenges. Monitoring and evaluating DNS traffic can provide support and guarantee for network security, the researches of DNS security evaluation mainly focus on active detection methods or specific network attacks at present. However, these approaches are inadequate for effecting DNS system or other ill-conceived problems. To address these problems, a novel DNS health evaluation model based on fuzzy comprehensive evaluation is proposed in this paper. On the basis of DNS traffic analysis, several evaluation indicators are proposed according to three aspects: the server working state, user usage state and unconventional use state. Taking advantage of this model, it can describe and analyze the activity of DNS, and achieve the result of evaluating the DNS service state without affecting the DNS working environment. Currently, this method has been applied in the campus DNS server, the actual result of the experiment shows that the model can effectively detect the user error configuration, DDoS attacks, massive changes and other abnormal conditions.

Key words: DNS traffic, health assessment, fuzzy comprehensive evaluation, network traffic detection

中图分类号:

TP309

朱毅, 陈兴蜀, 陈敬涵, 邵国林. 基于模糊综合评价模型的DNS健康度评估[J]. 信息网络安全, 2018, 18(4): 65-71.

Yi ZHU, Xingshu CHEN, Jinghan CHEN, Guolin SHAO. DNS Health Assessment Based on Fuzzy Comprehensive Evaluation[J]. Netinfo Security, 2018, 18(4): 65-71.

图/表 8

图1

表1

表2

图2

图3

图4

图5

图6

参考文献 17

[1]	MOCKAPERTRIS P.Domain Names-implementation and Specification[J]. RFC1035, 1987, 19(6):697.
[2]	QING Sihan.Security Protection of Critical Infrastructure[J]. Netinfo Security,2015(2):1-6.
	卿斯汉. 关键基础设施安全防护[J]. 信息网络安全,2015(2):1-6.
[3]	SON S, SHMATIKOV V.The Hitchhiker’s Guide to DNS Cache Poisoning[J]. Lecture Notes of the Institute for Computer Sciences Social Informatics & Telecommunications Engineering, 2010(50):466-483.
[4]	WEN Weiping, GUO Ronghua, MENG Zheng, et al.Research and Implementation on Information Security Risk Assessment Key Technology[J]. Netinfo Security, 2015 (2): 7-14.
	文伟平,郭荣华,孟正,等. 信息安全风险评估关键技术研究与实现[J]. 信息网络安全,2015(2):7-14.
[5]	LI Bingrui.Active Measurement and Analysis of Open Recursive DNS Server[D]. Harbin: Harbin Insitute of Technology, 2016.
	李秉睿. 开放DNS递归服务器的主动测量与分析[D].哈尔滨: 哈尔滨工业大学, 2016.
[6]	YUCHI Xuebiao.Modeling and Analysis of Internet Domain Name System[D]. Beijing: Graduate University of Chinese Academy of Science, University of Chinese Academy of Sciences, 2012.
	尉迟学彪. DNS测量与评估若干关键技术研究[D]. 北京:中国科学院大学, 2012.
[7]	WANG Z. Modeling and Predicting DNS Server Load[EB/OL]. , 2016-6-30.
[8]	LI Yunchun, XU Ke, ZHANG Jianhua.A Method to Test DNS Service’s Performance in Campus Network Based on PlanetLab Platform[J]. Journal of East China Normal University(Natural Science) , 2015(S1):163-173.
	李云春, 许可, 张建华. 基于PlanetLab平台的校园网DNS服务性能测试方法[J]. 华东师范大学学报(自然科学版), 2015(S1):163-173.
[9]	YANG Jungang, WANG Xintong, LIU Guqing.DDoS Attack Detection Method Based on Network Traffic and IP Entropy[J]. Application Research of Computers, 2016, 33(4):1145-1149.
	杨君刚, 王新桐, 刘故箐. 基于流量和 IP熵特性的DDoS攻击检测方法[J]. 计算机应用研究, 2016, 33(4):1145-1149.
[10]	WU H, DANG X, ZHANG L, et al.Kalman Filter Based DNS Cache Poisoning Attack Detection[C] // Automation Science and Engineering (CASE). 2015 IEEE International Conference on, August 24-28, 2015, Gothenburg, Sweden. Piscataway NJ: IEEE, 2015:1594-1600.
[11]	DAGON D, PROVOS N, LEE C P, et al. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority[EB/OL]. , 2008-1-1.
[12]	CHEN Jiaqiang, SHI Xiangquan, TAO Jing.DNSSEC Deployment Research and Implementation in Client[J]. Computer and Information Technology, 2015, 23(5):23-26.
	陈加强, 时向泉, 陶静. 客户端DNSSEC部署研究与实现[J]. 电脑与信息技术, 2015, 23(5):23-26.
[13]	ZHANG Ping, CHEN Changsong, Hu Honggang.Authenticated Encryption Modes Based on Block Ciphers[J]. Netinfo Security, 2014(11): 8-17.
	张平,陈长松,胡红钢. 基于分组密码的认证加密工作模式[J]. 信息网络安全,2014(11):8-17.
[14]	CHEN Shuili, LI Jinggong, WANG Xianggong.Fuzzy Set Theory and Its Application[M]. Beijing: Science Press, 2005.
	陈水利, 李敬功, 王向公. 模糊集理论及其应用[M]. 北京: 科学出版社, 2005.
[15]	WANG Fayu, ZHANG Xiaohong.Evaluation Method of Network Security Situation Based on Multi-source Event Fusion[J]. Computer Engineering and Design, 2016, 37(6):1440-1444.
	王法玉, 张晓洪. 多源事件融合的网络安全态势评估方法[J]. 计算机工程与设计, 2016, 37(6):1440-1444.
[16]	WANG Xiaodong, WU Yaqin.Design and Implementation of Network Damage State Evaluation Based on Fuzzy Comprehensive Judgment[J]. Modern Electronics Technique, 2016, 39(23):83-85.
	王晓东, 吴雅琴. 基于模糊综合评判的网络受损状态评估的设计与实现[J]. 现代电子技术, 2016, 39(23):83-85.
[17]	TANG Pei.Research on Network Security Situation Assessment Based on Fuzzy Evaluation and Analytic Hierarchy Process[J]. Network Security Technology & Application, 2015(10):69-70.
	汤沛. 基于模糊评估法和层次分析法的网络安全态势评估研究[J]. 网络安全技术与应用, 2015(10):69-70.

基于模糊综合评价模型的DNS健康度评估

DNS Health Assessment Based on Fuzzy Comprehensive Evaluation

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 17

相关文章 3

编辑推荐

Metrics

本文评价

[1]	刘永磊, 金志刚, 郝琨, 张伟龙. 基于STRIDE和模糊综合评价法的移动支付系统风险评估[J]. 信息网络安全, 2020, 20(2): 49-56.
[2]	吴晓平, 周舟, 李洪成. Spark框架下基于无指导学习环境的网络流量异常检测研究与实现[J]. 信息网络安全, 2016, 16(6): 1-7.
[3]	张益. 信息安全等级保护模糊综合评价模型研究[J]. , 2012, 12(Z): 0-0.