| Internet is developing fast all over the world in recent years with its scale growing, making more and more people can access it easily. Services on Internet are becoming richer and begin to cause effects on daily life. Billions of Internet users’ web browsing relies on normal DNS (Domain Name System) service, which is one of the most important infrastructures of Internet. Study on domain name data is helpful for understanding the varying pattern and relationship of domain name. Security study on DNS contributes to building secure infrastructure.The target of this study is DNS traffic. There are three parts in this thesis, including domain name mapping and CNAME (Canonical Name) relationship, DNS traffic analysis platform for GPRS (General Packet Radio Service) user, and DNS DDoS (Distributed Denial of Service) traffic detection. Domain name and CNAME data are generated from capturing and resolving DNS packets. A security problem of protocol caused by name compression is found during the study and a measure for repairing is proposed. Domain data analysis system is designed and implemented to give intermediate data reflecting domain and CNAME relationship. Some statistical rules can be worked out from these data. Implementation of this system is optimized to fully utilize computing resource. Another work is GPRS DNS traffic index system which relates three kinds of traffic with each other. The traffic are signaling, flow record and data packet of user. This system is a data platform for studying GPRS DNS traffic. The last part gives a DNS DDoS detection system based on flow analysis. By data training and setting threshold, abnormal traffic to DNS server is detected and alert is given. This system guarantees the security of DNS. |
PDF Full Text Request