
Research on malicious behavior detection based on DNS
Abstract: DNS is a fundamental component of Internet infrastructure, and DNS security has become an urgent problem that must be solved for the Internet to operate safely and reliably. This paper reviews three existing DNS reputation detection systems, Notos, Exposure and Kopis, and proposes a DNS-analysis-based malicious behavior detection system that uses machine learning over three kinds of statistical features: time-based, domain-name-based and reputation-based.
Author: BAI Fan (白凡)
Source: Telecommunications Network Technology (《电信网技术》), 2017, No. 8, pp. 80-83 (4 pages)
Keywords: malicious behavior; DNS analysis; machine learning; time-based features; domain-based features; reputation-based features