DNS Health Assessment Based on Fuzzy Comprehensive Evaluation

doi:10.3969/j.issn.1671-1122.2018.04.009

Abstract

Abstract:

DNS is the key node in almost all Internet applications and is considered as the central nervous system of the Internet. However, due to the vulnerability of its protocol design, the security of DNS system is facing severe challenges. Monitoring and evaluating DNS traffic can provide support and guarantee for network security, the researches of DNS security evaluation mainly focus on active detection methods or specific network attacks at present. However, these approaches are inadequate for effecting DNS system or other ill-conceived problems. To address these problems, a novel DNS health evaluation model based on fuzzy comprehensive evaluation is proposed in this paper. On the basis of DNS traffic analysis, several evaluation indicators are proposed according to three aspects: the server working state, user usage state and unconventional use state. Taking advantage of this model, it can describe and analyze the activity of DNS, and achieve the result of evaluating the DNS service state without affecting the DNS working environment. Currently, this method has been applied in the campus DNS server, the actual result of the experiment shows that the model can effectively detect the user error configuration, DDoS attacks, massive changes and other abnormal conditions.

Key words: DNS traffic, health assessment, fuzzy comprehensive evaluation, network traffic detection

CLC Number:

TP309

Yi ZHU, Xingshu CHEN, Jinghan CHEN, Guolin SHAO. DNS Health Assessment Based on Fuzzy Comprehensive Evaluation[J]. Netinfo Security, 2018, 18(4): 65-71.

Figures/Tables 8

References 17

[1]	MOCKAPERTRIS P.Domain Names-implementation and Specification[J]. RFC1035, 1987, 19(6):697.
[2]	QING Sihan.Security Protection of Critical Infrastructure[J]. Netinfo Security,2015(2):1-6.
	卿斯汉. 关键基础设施安全防护[J]. 信息网络安全,2015(2):1-6.
[3]	SON S, SHMATIKOV V.The Hitchhiker’s Guide to DNS Cache Poisoning[J]. Lecture Notes of the Institute for Computer Sciences Social Informatics & Telecommunications Engineering, 2010(50):466-483.
[4]	WEN Weiping, GUO Ronghua, MENG Zheng, et al.Research and Implementation on Information Security Risk Assessment Key Technology[J]. Netinfo Security, 2015 (2): 7-14.
	文伟平,郭荣华,孟正,等. 信息安全风险评估关键技术研究与实现[J]. 信息网络安全,2015(2):7-14.
[5]	LI Bingrui.Active Measurement and Analysis of Open Recursive DNS Server[D]. Harbin: Harbin Insitute of Technology, 2016.
	李秉睿. 开放DNS递归服务器的主动测量与分析[D].哈尔滨: 哈尔滨工业大学, 2016.
[6]	YUCHI Xuebiao.Modeling and Analysis of Internet Domain Name System[D]. Beijing: Graduate University of Chinese Academy of Science, University of Chinese Academy of Sciences, 2012.
	尉迟学彪. DNS测量与评估若干关键技术研究[D]. 北京:中国科学院大学, 2012.
[7]	WANG Z. Modeling and Predicting DNS Server Load[EB/OL]. , 2016-6-30.
[8]	LI Yunchun, XU Ke, ZHANG Jianhua.A Method to Test DNS Service’s Performance in Campus Network Based on PlanetLab Platform[J]. Journal of East China Normal University(Natural Science) , 2015(S1):163-173.
	李云春, 许可, 张建华. 基于PlanetLab平台的校园网DNS服务性能测试方法[J]. 华东师范大学学报(自然科学版), 2015(S1):163-173.
[9]	YANG Jungang, WANG Xintong, LIU Guqing.DDoS Attack Detection Method Based on Network Traffic and IP Entropy[J]. Application Research of Computers, 2016, 33(4):1145-1149.
	杨君刚, 王新桐, 刘故箐. 基于流量和 IP熵特性的DDoS攻击检测方法[J]. 计算机应用研究, 2016, 33(4):1145-1149.
[10]	WU H, DANG X, ZHANG L, et al.Kalman Filter Based DNS Cache Poisoning Attack Detection[C] // Automation Science and Engineering (CASE). 2015 IEEE International Conference on, August 24-28, 2015, Gothenburg, Sweden. Piscataway NJ: IEEE, 2015:1594-1600.
[11]	DAGON D, PROVOS N, LEE C P, et al. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority[EB/OL]. , 2008-1-1.
[12]	CHEN Jiaqiang, SHI Xiangquan, TAO Jing.DNSSEC Deployment Research and Implementation in Client[J]. Computer and Information Technology, 2015, 23(5):23-26.
	陈加强, 时向泉, 陶静. 客户端DNSSEC部署研究与实现[J]. 电脑与信息技术, 2015, 23(5):23-26.
[13]	ZHANG Ping, CHEN Changsong, Hu Honggang.Authenticated Encryption Modes Based on Block Ciphers[J]. Netinfo Security, 2014(11): 8-17.
	张平,陈长松,胡红钢. 基于分组密码的认证加密工作模式[J]. 信息网络安全,2014(11):8-17.
[14]	CHEN Shuili, LI Jinggong, WANG Xianggong.Fuzzy Set Theory and Its Application[M]. Beijing: Science Press, 2005.
	陈水利, 李敬功, 王向公. 模糊集理论及其应用[M]. 北京: 科学出版社, 2005.
[15]	WANG Fayu, ZHANG Xiaohong.Evaluation Method of Network Security Situation Based on Multi-source Event Fusion[J]. Computer Engineering and Design, 2016, 37(6):1440-1444.
	王法玉, 张晓洪. 多源事件融合的网络安全态势评估方法[J]. 计算机工程与设计, 2016, 37(6):1440-1444.
[16]	WANG Xiaodong, WU Yaqin.Design and Implementation of Network Damage State Evaluation Based on Fuzzy Comprehensive Judgment[J]. Modern Electronics Technique, 2016, 39(23):83-85.
	王晓东, 吴雅琴. 基于模糊综合评判的网络受损状态评估的设计与实现[J]. 现代电子技术, 2016, 39(23):83-85.
[17]	TANG Pei.Research on Network Security Situation Assessment Based on Fuzzy Evaluation and Analytic Hierarchy Process[J]. Network Security Technology & Application, 2015(10):69-70.
	汤沛. 基于模糊评估法和层次分析法的网络安全态势评估研究[J]. 网络安全技术与应用, 2015(10):69-70.