域名系统(domain name system,DNS)测量研究是深入理解DNS的重要研究方式.从组件、结构、流量、安全4个方面对近30年(1992–2019)的DNS测量研究工作梳理出18个主题.首先,介绍组件测量,组件有解析器和权威服务器两种,解析器测量包括公共...域名系统(domain name system,DNS)测量研究是深入理解DNS的重要研究方式.从组件、结构、流量、安全4个方面对近30年(1992–2019)的DNS测量研究工作梳理出18个主题.首先,介绍组件测量,组件有解析器和权威服务器两种,解析器测量包括公共解析器、开放解析器、解析器缓存、解析器选择策略4个主题,权威服务器包括性能、任播部署、托管、误配置4个主题.其次,阐述结构测量,包括桩解析器与解析器的依赖结构、解析器间依赖结构、域名解析依赖结构3个主题.然后,描述流量测量,包括查询流量特征、异常根查询流量、流量拦截共3个主题.最后综述了安全测量,包括DNSSEC代价与隐患、DNSSEC部署进展、加密DNS部署、恶意域名检测4个主题.展开更多
Fast-flux is a Domain Name System(DNS)technique used by botnets to organise compromised hosts into a high-availability,loadbalancing network that is similar to Content Delivery Networks(CDNs).Fast-Flux Service Network...Fast-flux is a Domain Name System(DNS)technique used by botnets to organise compromised hosts into a high-availability,loadbalancing network that is similar to Content Delivery Networks(CDNs).Fast-Flux Service Networks(FFSNs)are usually used as proxies of phishing websites and malwares,and hide upstream servers that host actual content.In this paper,by analysing recursive DNS traffic,we develop a fast-flux domain detection method which combines both real-time detection and long-term monitoring.Experimental results demonstrate that our solution can achieve significantly higher detection accuracy values than previous flux-score based algorithms,and is light-weight in terms of resource consumption.We evaluate the performance of the proposed fast-flux detection and tracking solution during a 180-day period of deployment on our university’s DNS servers.Based on the tracking results,we successfully identify the changes in the distribution of FFSN and their roles in recent Internet attacks.展开更多
文摘域名系统(domain name system,DNS)测量研究是深入理解DNS的重要研究方式.从组件、结构、流量、安全4个方面对近30年(1992–2019)的DNS测量研究工作梳理出18个主题.首先,介绍组件测量,组件有解析器和权威服务器两种,解析器测量包括公共解析器、开放解析器、解析器缓存、解析器选择策略4个主题,权威服务器包括性能、任播部署、托管、误配置4个主题.其次,阐述结构测量,包括桩解析器与解析器的依赖结构、解析器间依赖结构、域名解析依赖结构3个主题.然后,描述流量测量,包括查询流量特征、异常根查询流量、流量拦截共3个主题.最后综述了安全测量,包括DNSSEC代价与隐患、DNSSEC部署进展、加密DNS部署、恶意域名检测4个主题.
基金supported by the National Basic Research Program of China(973 Program)under Grant No.2013CB329603Huawei Innovation Research Program+1 种基金the Opening Project of Key Laboratory of Information Network Security of Ministry of Public Security under Grant No.C11608the National Natural Science Foundation of China under Grant No.61271220
文摘Fast-flux is a Domain Name System(DNS)technique used by botnets to organise compromised hosts into a high-availability,loadbalancing network that is similar to Content Delivery Networks(CDNs).Fast-Flux Service Networks(FFSNs)are usually used as proxies of phishing websites and malwares,and hide upstream servers that host actual content.In this paper,by analysing recursive DNS traffic,we develop a fast-flux domain detection method which combines both real-time detection and long-term monitoring.Experimental results demonstrate that our solution can achieve significantly higher detection accuracy values than previous flux-score based algorithms,and is light-weight in terms of resource consumption.We evaluate the performance of the proposed fast-flux detection and tracking solution during a 180-day period of deployment on our university’s DNS servers.Based on the tracking results,we successfully identify the changes in the distribution of FFSN and their roles in recent Internet attacks.
