
Research on the Detection of DNS Denial-of-Service Attacks Based on Information Entropy (cited by: 6)

Research on Exploiting DoS Attack Against DNS Based on Information Entropy
Abstract: DNS servers play a vital role in the Internet, and attacks on them disrupt the network's ability to provide normal service to users. The DNS Query Flood attack is the most common form of attack: it sends a large number of forged domain name resolution requests to a DNS server, consuming the server's resources and causing denial of service. Detecting such attacks promptly is essential. Based on a study of the DNS resolution process, the paper summarizes the characteristics of the DNS Query Flood attack; according to these characteristics, it uses information entropy to determine whether the network is behaving abnormally, and then uses a sliding window mechanism to determine whether an attack is present.
Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2015, No. 3, pp. 140-143 (4 pages)
Keywords: DNS Query Flood; denial of service; domain name resolution success rate; information entropy; sliding window


