基于DNS的感染主机分布监测技术研究

Research on Distribution Monitoring of Infected Hosts Based on DNS

基于DNS的技术原理,通过各节点部署DNS节点监测系统,监测并分析各节点解析控制端目标域名的DNS的响应数据,多次尝试探测并对数据进行建模分析,最终获取感染主机的地区分布情况和感染木马类型.并通过优化的节点管理调度方案,在不借助第三方手段情况下掌握某种病毒的爆发情况,对病毒发作的预防和溯源都有很好的作用,进一步形成全球范围的病毒感染风险监测态势.

Based on the principle of DNS technology,this paper deploys a DNS node monitoring system to monitor and analyze the DNS response data of each node to analyze the target domain name of the control terminal,tries to detect and model the data several times,and finally obtains the distribution of the infected hosts and the types of Trojan virus.And through the optimized node management scheduling scheme,without the help of third-party means to grasp the outbreak of a virus,which can play an important role in the prevention and traceability of virus attack,and further form a worldwide monitoring situation of the virus infection risk.