A New Design of Suspicious Domain Name Monitoring System for Web Communication

doi:10.3969/j.issn.1671-1122.2017.12.003

Abstract

Abstract:

In Web communications, suspicious domain names have emerged frequently, which poses a serious threat to network security. Traditional domain name analysis technology can only carry out simple protocol analysis, and it has complex operation, difficult deployment and heavy resource consumption. In order to solve the false threats, deception and bad domain names in Web services, a monitoring and reverse system for suspicious domain names in Web communication is designed in this paper. This system mainly through the BGP process to achieve the goal of traffic traction, DNS data packet capture and analysis of target flow, and matched with suspicious domain name suspicious domain name database, matching the success of the domain name by calling the security module to realize safety control. The test of building campus network shows that the system is easy to operate and deploy. It can monitor and counter the suspicious domain name.

Key words: network security, Web communication, monitoring system

CLC Number:

TP309.1

Guofeng ZHAO, Yan ZHAO, Xinheng WANG, Fei YE. A New Design of Suspicious Domain Name Monitoring System for Web Communication[J]. Netinfo Security, 2017, 17(12): 11-16.

Figures/Tables 13

References 23

[1]	袁帅. DNS解析错误处理方法[J]. 电子制作, 2014(5):70-70.
[2]	饶毓, 狄少嘉. 2017年3月网络安全监测数据发布[J]. 信息网络安全, 2017(5):83-84.
[3]	LEGRAND I, NEWMAN H, VOICU R, et al.MonALISA: An Agent Based,Dynamic Service System to Monitor, Control and Optimize Distributedsystems[J]. Computer Physics Communications, 2009, 180(12): 2472-2498.
[4]	DASGUPTA D, BRIAN H.Mobile Security Agents for Network Traffic Analysis[C]//IEEE.DARPA Information Survivability Conference & Exposition,June 12-14, 2001,Anaheim, California.New York:IEEE, 2001,: 332-340.
[5]	丁庸,曹伟,罗森林. 基于LKM系统调用劫持的恶意软件行为监控技术研究[J]. 信息网络安全,2016(4):1-8.
[6]	王培新, 刘颖, 张思东,等. Web通信中可疑域名监控技术的研究[J]. 计算机技术与发展, 2012, 22(4):231-234.
[7]	赵国锋,陈勇,王新恒. 针对HTTPS的Web前端劫持及防御研究[J]. 信息网络安全,2016(3):15-20.
[8]	刘磊锋. 基于Linux内核的网络异常监控系统研究[D]. 重庆:重庆大学, 2010.
[9]	MCCANNE S, JACOBSON V.The BSD Packet Filter: A New Architecture for User-level Packet Capture[C]//USENIX winter. USENIX'93 Proceedings of the USENIX Winter 1993 Conference Proceedings,January 25-29, 1994,San Diego, California. Berkeley:USENIX,1993:2.
[10]	WANG Y, YU G, ZHANG J, et al.The Performance Optimization of Capture Packets Based On the Combination of PF_RING And NAPI[J]. Encyclopedia of Materials Science & Technology, 2016, 10(8):2236-2245.
[11]	WU S, MANBER U. A Fast Algorithm for Multi-pattern Searching [EB/OL].,2017-5-15.
[12]	LE D N.A New Multiple-pattern Matching Algorithm for the Network Intrusion Detection System[J]. International Journal of Engineering and Technology, 2016, 8(2): 94-100.
[13]	孙友仓. 多模式匹配算法的性能分析[J]. 电子设计工程,2010,18(1):17-18.
[14]	AlMUSAWI B, BRANCH P, ARMITAGE G. BGP Anomaly Detection Techniques: A Survey[J]. IEEE Communications Surveys & Tutorials, 2017, 19(1):377-396.
[15]	LIU Q, XU Z, LI Z.Implementation of Hardware TCP/IP Stack for DAQ Systems with Flexible Data Channel[J].Electronics Letters, 2017, 53(8):530-532.
[16]	高文华. Netfilter/iptables防火墙中精确单模式匹配算法研究[D]. 成都:电子科技大学, 2016.
[17]	方迪. 一种http重定向方法及路由设备[EB/OL]. https://www.google.com/patents/CN105338072A?cl=zh,2017-5-15.
[18]	MARTINI P M. Web Redirection for Content Filtering: U.S. Patent 9,654,500[EB/OL]. ,2017-5-15.
[19]	李璐. Linux下应用层包过滤防火墙的设计与实现[D]. 北京:北京邮电大学, 2015.
[20]	WANG B, LU K, CHANG P.Design and Implementation of Linux Firewall Based on the Frame of Netfilter/IPtable[C]//IEEE.Computer Science & Education (ICCSE), 2016 11th International Conference on,August 23-25,2016,Nagoya, Japan. New York:IEEE, 2016: 949-953.
[21]	YILMAZ H B, KOO B H, PARK S H, et al.Frequency Assignment Problem with Net Filter Discrimination Constraints[J]. Journal of Communications and Networks, 2017, 19(4): 329-340.
[22]	BULLOCK J, PARKER J T. Wireshark for Security Professionals: Using Wireshark and the Metasploit Framework[EB/OL]. ,2017-5-15.
[23]	GESCHIERE J P, BAGNI M, MAARSEVEEN R A V, et al. Parallel Sar Processing on LINUX PCS Enables Operational Radar Remote Sensing[EB/OL]. ,2017-5-15.