The Detection Of DNS Spoofing And Cache Poisoning Attack

Posted on: 2016-07-24
Degree: Master
Type: Thesis
Country: China
Candidate: J Li
GTID: 2308330473455098
Subject: Computer application technology
Abstract/Summary:
With the rapid development of the Internet, the security of network infrastructure and services has become more and more important. The DNS system is core infrastructure of the Internet, and its security directly determines the safety of the whole network. In recent years the DNS system has been attacked frequently, with serious impact. Detecting attacks against DNS is therefore important for protecting network security. The DNS protocol was designed without much consideration of security from the beginning, and the protocol itself leaves DNS exposed to security threats. This paper gives a brief introduction to the structure and operation of the DNS system and analyzes the vulnerabilities of the DNS system in detail. It also surveys existing DNS attack detection schemes. Traditional intrusion detection technology is not targeted at DNS attacks and cannot identify them effectively. Existing detection methods for attacks against DNS include methods based on network traffic and methods based on packet features.
After analyzing and comparing the advantages and disadvantages of existing detection techniques, this paper proposes an improved detection scheme that combines the CUSUM algorithm with an information entropy model. Based on the packet-count characteristics of DNS, the CUSUM intrusion detection algorithm is improved for DNS traffic, and its calculation is optimized by removing redundant parameters. Based on the feature attributes of DNS packets and their distribution characteristics, an information entropy model is designed to detect packets. By setting double thresholds in the CUSUM algorithm, detection in environments with large traffic fluctuations is based on packet-count characteristics, while in environments with small traffic fluctuations suspicious behavior is detected by the information entropy model based on the distribution of packet attributes, so that different network environments are handled in a targeted way. Finally, a prototype detection system was designed and implemented according to the detection scheme, and experiments were carried out in different network environments. According to the tests, the detection model accurately detects attacks in high-traffic attack environments and has very high detection efficiency. In low-traffic attack environments it also detects attacks accurately while maintaining high detection efficiency. After comparative testing and analysis, this model has higher accuracy and a lower false alarm rate than traditional detection models based on network traffic, and it can adapt to different network environments. Compared with detection models based on packet features, it has a similar accuracy rate with higher detection efficiency. The model balances detection accuracy and detection efficiency.
Keywords/Search Tags:DNS Spoofing, Cache Poisoning, CUSUM, Entropy of Information
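
The two-threshold idea in the abstract can be sketched as follows. This is an added example, not the thesis's algorithm or parameters: a one-sided CUSUM over per-interval DNS response counts raises a volume alarm above the high threshold, and between the low and high thresholds it alarms only when the entropy of a packet attribute is low. Using the query name as that attribute, the threshold values, and the sample windows are all assumptions constructed for illustration.

```python
import math
from collections import Counter

def normalized_entropy(values):
    """Shannon entropy of the values' empirical distribution, scaled to 0..1."""
    n = len(values)
    if n < 2:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def detect(windows, baseline, slack, h_low, h_high, entropy_floor):
    """Classify each window of DNS responses (a list of query names).

    One-sided CUSUM on the response count: S = max(0, S + count - baseline - slack).
    S >= h_high          -> alarm on volume alone (large fluctuation)
    h_low <= S < h_high  -> alarm only if name entropy is below entropy_floor
    """
    s, verdicts = 0.0, []
    for names in windows:
        s = max(0.0, s + len(names) - baseline - slack)
        if s >= h_high:
            verdict = "count-alarm"
        elif s >= h_low and normalized_entropy(names) < entropy_floor:
            verdict = "entropy-alarm"
        else:
            verdict = "ok"
        if verdict != "ok":
            s = 0.0  # restart accumulation after an alarm
        verdicts.append(verdict)
    return verdicts

def distinct(n):
    """n different placeholder names, standing in for ordinary mixed lookups."""
    return [f"host{i}.example" for i in range(n)]

# Constructed sample: per-interval query names seen in DNS responses at a resolver.
SAMPLE = [
    distinct(10),                            # normal load
    distinct(16),                            # benign bump, names still diverse
    distinct(10),                            # back to normal
    ["target.example"] * 10 + distinct(6),   # small burst concentrated on one name
    ["target.example"] * 55 + distinct(5),   # large burst
]

if __name__ == "__main__":
    for i, v in enumerate(detect(SAMPLE, baseline=10, slack=2, h_low=3,
                                 h_high=30, entropy_floor=0.7)):
        print(i, v)
```

The benign bump in the second window pushes the CUSUM statistic into the same band as the small concentrated burst, but only the latter alarms, which is the false-alarm reduction the entropy stage is meant to provide.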