
Research On DNS Attacks Detection Technology

Posted on: 2015-01-24
Degree: Master
Type: Thesis
Country: China
Candidate: C Ding
GTID: 2308330470482333
Subject: Software engineering

Abstract/Summary:
As the most fundamental Internet service system, DNS keeps the Internet running properly and provides convenient network services to users. With the rapid development of the Internet, DNS security problems have become increasingly prominent, and attacks against DNS occur frequently, greatly affecting the efficiency of the whole network. It is therefore especially important to detect such attack behaviour promptly. Because the original design gave little consideration to the system's own security, DNS faces threats from many different attacks. This paper first briefly introduces the DNS structure, the DNS protocol and its working principle, and then introduces several common ways of attacking DNS through its vulnerabilities.

Research on DNS attack detection technology has already achieved some results, but many detection methods still need to be improved. After summarizing previous research, this paper proposes two detection algorithms, one for each of two DNS attacks. The first concerns the DNS Query Flood attack, which sends a large number of fake DNS requests to the DNS server, consuming the server's resources and causing denial of service, so detecting such an attack in time is very important. Based on a study of the DNS resolution process, this paper summarizes the characteristics of a DNS Query Flood attack: when the attack happens, network traffic increases rapidly and the resolution success rate decreases. Using these characteristics together with information entropy, we can judge whether the network is in a normal state, and then use a sliding window mechanism to determine whether an attack is happening. The second concerns the DNS spoofing attack, one of the most common DNS attacks. The attacker monitors DNS request datagrams, forges a response datagram using the ID of the request, and delivers that response to the client before the genuine one, redirecting the client to another website.

We summarize the characteristics of a DNS spoofing attack from its principle. Under normal circumstances the DNS system does not send multiple responses to the same domain name request; this happens only when an attack occurs. In addition, the forged response datagram, which carries no authority resource records and no additional resource records, is much simpler than a normal one. We propose a detection algorithm and a corresponding defence based on monitoring and statistical techniques to determine whether a DNS spoofing attack is occurring. The validity of the two algorithms is verified through simulation experiments, which show that the two detection algorithms detect their corresponding DNS attacks effectively.
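The two detectors described above (sliding-window success rate plus entropy for Query Flood, and duplicate-response plus empty authority/additional sections for spoofing), as an added illustration that is not the thesis's own code. The record layout, the threshold values, and the choice to take the entropy over client addresses are assumptions made here; the abstract does not specify them.

```python
import math
from collections import Counter, defaultdict

# Constructed sample trace, not a real capture. Record layout (assumed here):
# (client, qname, txid, kind, rcode, authority_rr_count, additional_rr_count)
SAMPLE = [
    ("10.0.0.5", "example.org", 1001, "Q", None, 0, 0),
    ("10.0.0.5", "example.org", 1001, "R", 0, 2, 2),
    ("10.0.0.7", "example.net", 1002, "Q", None, 0, 0),
    ("10.0.0.7", "example.net", 1002, "R", 0, 2, 1),
    ("10.0.0.9", "example.com", 1003, "Q", None, 0, 0),
    ("10.0.0.9", "example.com", 1003, "R", 0, 0, 0),  # forged: no authority/additional RRs
    ("10.0.0.9", "example.com", 1003, "R", 0, 1, 1),  # genuine answer arrives afterwards
]
# Query flood: one client fires random-name queries; only three get a reply (NXDOMAIN).
SAMPLE += [("203.0.113.4", f"rnd{i}.example.com", 2000 + i, "Q", None, 0, 0) for i in range(8)]
SAMPLE += [("203.0.113.4", f"rnd{i}.example.com", 2000 + i, "R", 3, 0, 0) for i in range(3)]

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values()) if n else 0.0

def flood_windows(records, window=5, min_success=0.5, max_entropy=1.0):
    """Slide a fixed-size window over queries in arrival order. A window is flagged
    when the resolution success rate (queries that got an rcode 0 reply) falls below
    min_success and client-address entropy is below max_entropy, i.e. the burst comes
    from few sources. Returns (window_start, success_rate, entropy) tuples."""
    ok = {(r[2], r[1]) for r in records if r[3] == "R" and r[4] == 0}
    queries = [r for r in records if r[3] == "Q"]
    flagged = []
    for start in range(len(queries) - window + 1):
        win = queries[start:start + window]
        rate = sum((q[2], q[1]) in ok for q in win) / window
        ent = entropy([q[0] for q in win])
        if rate < min_success and ent < max_entropy:
            flagged.append((start, round(rate, 2), round(ent, 2)))
    return flagged

def spoof_suspects(records):
    """Group responses by (txid, qname). More than one response to the same request
    is the spoofing signal; within such a group, replies carrying neither authority
    nor additional records are reported (by position) as the likely forged ones."""
    by_key = defaultdict(list)
    for r in records:
        if r[3] == "R":
            by_key[(r[2], r[1])].append(r)
    return {key: [i for i, r in enumerate(resps) if r[5] == 0 and r[6] == 0]
            for key, resps in by_key.items() if len(resps) > 1}
```

On the constructed trace, `flood_windows(SAMPLE)` flags every window from the third onwards, and `spoof_suspects(SAMPLE)` names the first of the two replies to transaction 1003 as the suspect; resolvers configured for minimal responses also omit authority and additional sections, so the duplicate-response signal should carry more weight than the section counts alone.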
Keywords/Search Tags: DNS, DNS Query Flood attack, information entropy, domain name resolution success rate, sliding window, DNS spoofing attack