Netinfo Security ›› 2019, Vol. 19 ›› Issue (5): 77-83. doi: 10.3969/j.issn.1671-1122.2019.05.010

DNS Protocol Restore System for Security Analysis Based on Large-scale Network

Yi WEN1, Xingshu CHEN1, Xuemei ZENG2, Yonggang LUO2

  1. College of Cyber Security, Sichuan University, Chengdu Sichuan 610000, China
  2. Cyber Security Research Institute, Sichuan University, Chengdu Sichuan 610000, China
  • Received: 2018-12-10 Online: 2019-05-10 Published: 2020-05-11

Abstract:

Network traffic restoration is the foundation of network security analysis. To provide real-time response to massive data in a big data network environment, a Storm-based DNS protocol restoration system for security analysis is proposed. The system obtains original data packets from the message system, parses each packet layer by layer, and serializes the restored DNS data to the message system for subsequent security analysis. Building on the restoration, data that exploits the protocol's vulnerabilities or has an abnormal format is studied, and the system can identify packets that are abnormal in format, that use UDP's relaxation space injection, or that use Null to cheat when sending messages. The experimental results showed that the system had efficient real-time processing capability in a real 10Gbps big data network environment, with an average processing delay within 5ms, and the ability to recognize and process abnormally formatted DNS packets.

Key words: DNS, protocol restore, Storm, big data, streaming processing
