Research On DNS Cache Pollution Detection

Posted on: 2023-07-19
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Xiao
GTID: 2568307061450304
Subject: Cyberspace security
Abstract/Summary:
With the continuous development of network technology, network security problems have gradually become prominent. Malicious network attacks and traffic activities will cause huge damage to the network ecology and order. As an important link in the operation of the network system, network infrastructure can easily become the target of attacks. DNS infrastructure handles most domain name resolution on the Internet, and once it encounters a security threat, the impact on the entire network it manages is immeasurable. One of the most serious threats is DNS cache pollution. To analyze the cache pollution situation and the influence of pollution in DNS interaction message records, this paper monitors the DNS traffic between the Jiangsu Provincial Network and the CERNET backbone network, designs a cache pollution detection method, achieves an assessment of the confidence level of DNS resolution, and assists the construction of a network security awareness system.

First, a DNS cache pollution detection model is built in this paper to implement a method for determining cache pollution in DNS interaction packets. Based on the characteristics of packet fields, the statistical regularities of packets, and resolution association relationships, this paper designs a fast filtering algorithm for packet records and a comparison-based verification algorithm for suspected records, which can quickly locate contaminated records in massive DNS data and ensure relatively high detection efficiency. The integrated use of all types of DNS records improves data coverage and the accuracy of judgment. The confidence of each judgment result is described according to the confidence of the different judgment conditions, which ultimately reflects the confidence level of DNS resolution across the entire network.

Second, this paper analyzes the influence of cache pollution records and discovers potential cache pollution attacks in the network. Pollution records are classified according to packet field logic, and cache pollution impact evaluation indicators are put forward in the spatial and quantitative dimensions to analyze the impact of different types of records and response servers. Furthermore, detection of cache pollution attack behavior is designed on the basis of a simplified cumulative sum algorithm, combined with the statistical regularities of network traffic when a DNS attack occurs, to discover potential cache pollution attacks and raise DNS traffic security alarms.

Finally, a domain name resolution monitoring system is implemented to provide real-time detection and confidence evaluation of DNS cache pollution. Based on the DNS cache pollution detection model, the process of data storage, detection, update and output is described in detail, mainly including the establishment, update and maintenance of the blacklist and whitelist, as well as the output form and content of the pollution situation. The feasibility and authenticity of the monitoring system are verified through analysis of real data.
Keywords/Search Tags: DNS cache pollution, confidence, influence analysis, traffic monitoring