
Application of Markov Chain in Domain Name System Information Detection

Cited by: 1
Abstract: Domain name system (DNS) information detection is an important part of enterprise network security assessment and penetration testing. Current brute-force scanning and dictionary-based detection methods such as DNSenum commonly suffer from incomplete information acquisition and over-dependence on data dictionaries. To address this, we build a Markov chain-based domain name structure model, extract statistical and distribution features of domain names, such as the starting character set and its distribution and the state transition matrix, and propose a new domain name generation algorithm. Sampling detection is conducted on three generic domain types, .com, .net and .org; the experimental results show that the algorithm outperforms the existing method DNSenum in the number of domain names detected, the differentiation of the detected domain name sets, and detection efficiency.

Source: Computer Applications and Software (《计算机应用与软件》), CSCD, 2015, No. 6, pp. 152-155 (4 pages)

Funding: Natural Science Foundation of Anhui Province (1208085QF107)

Keywords: Domain name system information detection; Markov chain; Domain structure model; Domain generating algorithm