Abstract
Building on the principles of DNS, this paper deploys a DNS node monitoring system at each node to monitor and analyze the DNS response data returned when that node resolves the target domain name of the control end. The probes are repeated multiple times and the collected data is modeled and analyzed, which ultimately yields the regional distribution of infected hosts and the type of Trojan they are infected with. With an optimized node management and scheduling scheme, the outbreak of a given virus can be tracked without relying on third-party means. This is useful for both the prevention and the tracing of virus outbreaks, and it further forms a worldwide view of the virus infection risk situation.
Authors
王辉
郭延文
王世晋
牛博威
Wang Hui; Guo Yanwen; Wang Shijin; Niu Bowei (Dbappsecurity Co., Ltd, Hangzhou 310052; Nanjing University, Nanjing 210093; Department of Public Security of Jiangsu Province, Nanjing 210024)
Source
《信息安全研究》
2019, Issue 4, pp. 327-332 (6 pages)
Journal of Information Security Research
Keywords
Botnet
remote control Trojan
threat intelligence
infected host
malicious domain name