Anonymous Domain Name Algorithm Based on Character Space Construction

doi:10.3969/j.issn.1671-1122.2023.04.009

Abstract

Abstract:

Domain name data contained in network traffic brings data privacy challenges to network traffic sharing. The existing anonymization algorithms for domain names mostly use text generalization and replacement. Their privacy processing effect is good, but they destroy the original structure and text characteristics of domain names, and cannot meet the needs of network security analysis scenarios. This paper proposed a domain name anonymization method for network security analysis. Through the hierarchical anonymous processing strategy based on the domain name structure and the anonymous algorithm based on the character space construction, the domain name text is reconstructed on the premise of retaining the domain name structure and linguistic features concerned in the network security analysis, so as to maintain the availability of the domain name data required by researchers and remove the privacy information in the domain name data. In order to resist exhaustive attacks, the method of random reconstruction by parameters was adopted to reduce the probability of repeated anonymous results of the same domain name in different batches, and the proposed method based on the real network traffic data of campus network was verified. The experimental results show that the method proposed in this paper can effectively improve the unrecognized and irreversible characteristics of anonymous domain name data, and retain its structural and linguistic utility.

Key words: anonymization, domain name data, privacy protection, character space construction

CLC Number:

TP309

YIN Shu, CHEN Xingshu, ZHU Yi, ZENG Xuemei. Anonymous Domain Name Algorithm Based on Character Space Construction[J]. Netinfo Security, 2023, 23(4): 80-89.

Figures/Tables 9

References 17

[1]	DENG Boyun. Research on Privacy Protection Technology of Data Publishing Based on Anonymization[D]. Guangzhou: Guangdong University of Technology, 2020.
	邓博允. 基于匿名化的数据发布隐私保护技术研究[D]. 广州: 广东工业大学, 2020.
[2]	LENG Jianyu. Research on Anonymization Technology for Medical Information Privacy Protection[D]. Nanjing: Nanjing University of Posts and Telecommunications, 2021.
	冷建宇. 面向医疗信息隐私保护的匿名化技术研究[D]. 南京: 南京邮电大学, 2021.
[3]	SWEENEY L. K-Anonymity: A Model for Protecting Privacy[J]. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 2002, 10(5): 557-570. doi: 10.1142/S0218488502001648 URL
[4]	YAN Hongqiang, WANG Wei, ZHANG Jie. Overview on Privacy Policy and Technology of Internet Identifier[J]. Computer Systems & Applications, 2019, 28(12): 19-27.
	闫宏强, 王伟, 张婕. 互联网标识隐私保护政策及技术研究[J]. 计算机系统应用, 2019, 28(12): 19-27.
[5]	Wong C W, LI J, Fu W C, et al. (Alpha, K)- Anonymity: An Enhanced K-Anonymity Model for Privacy Preserving Data Publishing[C]// ACM. Proceedings of the Twelfth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York: ACM, 2006: 754-759.
[6]	MACHANAVAJJHALA A, KIFER D, GEHRKE J, et al. L-Diversity: Privacy Beyond K-Anonymity[J]. ACM Transactions on Knowledge Discovery from Data, 2007, 1(1): 3-11. doi: 10.1145/1217299.1217302 URL
[7]	KUMAR D. T-Closeness: Privacy Beyond K-Anonymity and Diversity[C]// IEEE. IEEE International Conference on Data Engineering. New York: IEEE, 2007: 106-115.
[8]	HUANG Kai, KONG Ning. Research on Status of DNS Privacy[J]. Computer Engineering and Applications, 2018, 54(9): 28-36. doi: 10.3778/j.issn.1002-8331.1801-0101
	黄锴, 孔宁. DNS隐私问题现状的研究[J]. 计算机工程与应用, 2018, 54(9): 28-36. doi: 10.3778/j.issn.1002-8331.1801-0101
[9]	KUENNING G, MILLER E L. Anonymization Techniques for URLs and Filenames[EB/OL]. [2022-08-10]. https://www.doc88.com/p-2502951904428.html.
[10]	ZHOU Dongjie. Measurement and Research on New Expansion and Security of Domain Name System[D]. Zhengzhou: Information Engineering University, 2019.
	周东杰. 对域名系统新型扩展及安全问题的测量研究[D]. 郑州: 战略支援部队信息工程大学, 2019.
[11]	DIAO Jiawen. Survey of DNS Covert Channel[J]. Journal on Communications, 2021, 42(5): 164-178. doi: 10.11959/j.issn.1000-436x.2021090
[12]	ZHANG Meng. Identification of DNS Covert Channel Based on Improved Convolutional Neural Network[J]. Journal on Communications, 2020, 41(1): 169-179. doi: 10.11959/j.issn.1000-436x.2020017
[13]	SUN Y, JIAN K, CUI L, et al. Online Malicious Domain Name Detection with Partial Labels for Large-Scale Dependable Systems[J]. Journal of Systems and Software, 2022, 190: 111322-111333. doi: 10.1016/j.jss.2022.111322 URL
[14]	CHEN Lili. Research on Malicious Domain Name Detection Technology Based on Improved Character Characteristics[D]. Beijing: North China University Of Technology, 2021.
	陈娌砺. 一种基于改进的字符特征的恶意域名检测技术研究[D]. 北京: 北方工业大学, 2021.
[15]	XIA Fanglong. Research and Implementation of Malicious Similar Domain Name Detection System[D]. Beijing: Beijing University of Posts and Telecommunications, 2021.
	夏方龙. 恶意相似域名检测系统的研究与实现[D]. 北京: 北京邮电大学, 2021.
[16]	VALLINA P, LE POCHAT V, FEAL Á, et al. Mis-Shapes, Mistakes, Misfits: An Analysis of Domain Classification Services[C]// ACM. Proceedings of the ACM Internet Measurement Conference. New York: ACM, 2020: 598-618.
[17]	JIA Lele. Research on the Value Evaluation of Network Domain Name —— Taking Ctrip as an Example[J]. Modern Business Trade Industry, 2021, 42(4): 48-50.
	贾乐乐. 网络域名价值评估研究——以携程为例[J]. 现代商贸工业, 2021, 42(4): 48-50.

Pcap数据包数量	数据规模	数据大小/MB	数据包数量/个	唯一域名数量/个
1	Small-01	14.9	103909	9837
1	Big-01	27.6	194495	13802
8	Small-02	34	261860	12244
8	Big-02	162	1139023	40221
15	Small-03	62.2	480121	17264
15	Big-03	177	1293247	47916

特征目录^[13]	分层匿名化算法		基于字符空间构造的匿名化算法
特征目录^[13]	特征	说明	特征	说明
结构特征	Domain name length	域名长度	Domain name length	域名长度
	Number of subdomains	子域名个数	Number of subdomains	子域名个数
	Length of subdomains	子域名长度	Length of subdomains	子域名长度
	Contains TLD as subdomain	子域名包含TLD	Contains TLD as subdomain	子域名包含TLD
			Ratio of digit-exclusive subdomains	非数字字符在子域名内的占比
			Ratio of vowels-exclusive subdomains	非元音字符在子域名内的占比
			Ratio of consonants-exclusive subdomains	非辅音字符在子域名内占比
语义特征			Ratio of vowels	元音字符的占比
			Ratio of digits	数字的占比
			Ratio of consonants	辅音的占比

数据规模	分层匿名化算法		基于字符空间构造的域名匿名化算法
数据规模	对应不同匿名结果的相同域名重复数量	对应相同匿名结果的不同域名数量	对应不同匿名结果的相同域名重复数量	对应相同匿名结果的不同域名数量
Small-01	0	8	0	0
Big-01	0	6	0	0
Small-02	0	24	0	0
Big-02	0	65	0	0
Small-03	0	36	0	0
Big-03	0	134	0	0