Security Analysis And Attack Detection Of Domain Name Based On Spark

Posted on: 2020-12-07
Degree: Master
Type: Thesis
Country: China
Candidate: X B Dou
GTID: 2428330572983932
Subject: Computer technology

Abstract/Summary:
The Domain Name System (DNS) is a very important part of the entire network world. All domain-based applications resolve their domain names to server IPs through DNS when providing services to users. However, as technology advances globally, Internet technology is constantly changing, and many hackers and malicious organizations use it to attack DNS and disrupt its normal operation. As a result, DNS-related security issues continue to emerge, and malicious attacks against DNS occur from time to time, with a considerable impact on the stability of the entire Internet. Timely detection of attack behaviors in the network therefore plays a very important role in supervising and maintaining the overall operating and security status of the DNS service.

This paper applies big data analysis and machine learning techniques to the massive log data of the DNS service. Based on the characteristics of DNS data, it designs and implements malicious attack detection methods and extracts malicious attack behavior data from the DNS data set. The techniques are mainly based on Flume, a data collection framework; Hadoop, a distributed data storage framework; and Spark, a big data computing framework.

First, some vulnerabilities in the protocol, implementation and operation of DNS are introduced in combination with the architecture and working principle of DNS. Then the overall scheme for security analysis and attack detection over massive DNS data is designed, and the whole detection process is implemented according to that design. The solution includes data collection and cleaning, data preprocessing, and the core attack data detection process.

During the implementation of attack detection, the attack processes and principles of DNS-related attack behaviors are analyzed, including Distributed Denial of Service (DDoS) attacks against DNS, attacks using counterfeit and phishing domain names, DNS attacks carried out by botnets whose Command and Control (C&C) domain names are generated by Domain Generation Algorithms (DGA), DNS Tunneling attacks based on the characteristics of the DNS protocol itself, and Fast-Flux domain name attacks. According to their respective attack principles, the characteristics of each kind of malicious attack behavior, and how these characteristics appear in the DNS data set, are summarized. Extraction and conversion processes are also designed to obtain the deeper features hidden in the data set. These feature sets are then used to design and implement detection methods and detection models for the different attack behaviors, including direct rule-based detection and detection using the machine learning classification algorithms provided by Spark.

Finally, the detection model is run on the Spark computing platform. The computing task relies on Spark's fast computation to extract each kind of malicious attack data from the original data set in time. The detection results give security personnel an important data reference for the current security status of the DNS service and can also greatly help the construction of DNS security defenses. At present, the detection scheme has been applied to DNS malicious attack data detection in some bank data centers; malicious data can be detected from the massive DNS data collection more accurately, and the overall operation and detection status is good.
Keywords/Search Tags: Domain Name, Security, Attack Detection, Spark, Hadoop