Netinfo Security ›› 2018, Vol. 18 ›› Issue (4): 65-71.doi: 10.3969/j.issn.1671-1122.2018.04.009

• Orginal Article • Previous Articles     Next Articles

DNS Health Assessment Based on Fuzzy Comprehensive Evaluation

Yi ZHU1,2, Xingshu CHEN2(), Jinghan CHEN1, Guolin SHAO1   

  1. 1.College of Computer Science, Sichuan University, Chengdu Sichuan 610065, China
    2. Cybersecurity Research Institute, Sichuan University, Chengdu Sichuan 610065, China
  • Received:2017-10-01 Online:2018-04-15 Published:2020-05-11

Abstract:

DNS is the key node in almost all Internet applications and is considered as the central nervous system of the Internet. However, due to the vulnerability of its protocol design, the security of DNS system is facing severe challenges. Monitoring and evaluating DNS traffic can provide support and guarantee for network security, the researches of DNS security evaluation mainly focus on active detection methods or specific network attacks at present. However, these approaches are inadequate for effecting DNS system or other ill-conceived problems. To address these problems, a novel DNS health evaluation model based on fuzzy comprehensive evaluation is proposed in this paper. On the basis of DNS traffic analysis, several evaluation indicators are proposed according to three aspects: the server working state, user usage state and unconventional use state. Taking advantage of this model, it can describe and analyze the activity of DNS, and achieve the result of evaluating the DNS service state without affecting the DNS working environment. Currently, this method has been applied in the campus DNS server, the actual result of the experiment shows that the model can effectively detect the user error configuration, DDoS attacks, massive changes and other abnormal conditions.

Key words: DNS traffic, health assessment, fuzzy comprehensive evaluation, network traffic detection

CLC Number: