Research On DNS Attack Detection And Defense Technology

With the fast development of the Internet, people's life and work become more and more easy. However, the breaking security events warn us that the Internet is far more weak than I thought. As the basic Internet infrastructure, DNS (Domain Name Service) systems are irreplaceable to insure the regular service of the Internet. The security state of the DNS is the base of the security and efficiency of the internet, so it's crucial to research on the security of the DNS.Because of the insufficient considering on security issues, the DNS protocol has some crisis weakness since it's designed, which leads to today's all kinds of threatens. This paper introduced the system structure and the working principle of DNS. Then detailed analysis of existing vulnerability in DNS system was given from aspects of design, implementation and operation respectively. Attacks were also introduced according to the corresponding vulnerability.The attacks towards DNS systems are frequently reported, in which the flow attacks are most harmful, so chapter three improved some detect method for DNS flow attacks in the anomaly detect aspect.This paper proposed to use rough set theory to detect DNS attack, analyzed the detection modal and the experimental results. After that, to augment the detect object and to consummate the detect result, it gave a RDM (Recombination Detect Modal) with the integrating of the misuse detect method, which could serve as a full security detect platform for DNS.In the last chapter, it has been improved added spread protocol group communication to DNS dynamic update. It is also given the new system architecture to implement this view and the three layer model. It is described the specific mechanisms to implement the new architecture in detail and introduced the hand-shake protocol to accomplish the authentication between the DHCP server to the DNS server and the control of the group communication update permission, analyzed the advantages and the disadvantages of the new architecture. In the end of the paper, it researched other methods to defend the DNS attack.