Font Size: a A A

Research And Implementation Of Domain Name Parsing Preprocessing Method Based On DNS Log

Posted on:2020-12-13Degree:MasterType:Thesis
Country:ChinaCandidate:S LiFull Text:PDF
GTID:2428330578457162Subject:Computer technology
Abstract/Summary:
Many universities and research institutions have joined the IPv6 network.Some well-known websites,such as www.sina.com.xn,www.qq.com,and www.google.com,have supported IPv6 access.Since the IPv6 protocol does not operate independently in the network,IPv4 and IPv6 are usually used simultaneously in the network device.Therefore,some problems in the operation of the IPv6 protocol are covered by the IPv4 protocol.In this paper,the IPv6 misconfiguration problem in the campus network is studied.Due to the IPv6 domain name configuration error,the IPv6 domain name resolution fails,resulting in multiple useless queries by the DNS,affecting the Internet experience and wasting DNS resources.This paper proposes a cache resolution solution based on cache Redis.With the widespread use of the network,various malicious attacks have appeared on the network,and the DNS may become a tool for attackers to launch attacks.In order to achieve the purpose of vacious attacking,the attacker will exploit the vulnerabilities of the software program to spread the malicious bots widely,waiting for the time to control the zombie host and launch the attack.Therefore,the detection of malicious domain names is an important measure to lift the current network threats and improve network security.In view of the above two problems,this paper proposes a method of pre-resolving domain name resolution to implement cache parsing of IPv6 misconfigured domain names and detection of malicious domain names.The specific research content mainly includes the following two modules:(1)IPv6 configuration error domain name cache parsing module:Based on the fast execution speed of the Redis database and the aging time of the data can be set,this paper selects Redis as the data storage library,and will export the query AAAA record from the DNS log and the domain name domain name query is frequent.The domain name is stored in the Redis database,and the domain name is matched to the domain name to be queried,and the interception reply or the query forwarding is performed according to the matching result.(2)Malicious domain name detection module:This paper proposes a voice-based malicious domain name detection feature based on English pronunciation characteristics.This paper selects the character and voice features of the domain name as the characteristics of malicious domain name detection,selects C4.5 as the classification algorithm,trains the decision tree by extracting the character and voice features of the training data set,and tests the speech and character features based on the test data set.Evaluation index of the accuracy rate of the malicious domain name detection algorithm.In order to ensure the resolution efficiency of the domain name server and improve the security of the campus network,this paper adopts the bypass resolution scheme.When the domain name is first queried in the DNS and matching fails,it will be released directly,and the query domain name will be passed to the malicious domain name.The detection module stores the detected malicious domain name in the Redis database.When the domain name is queried again,it can directly participate in the matching,which does not affect the domain name query rate,improves the security of the network,and reduce the recursive queries of the IPv6 misconfiguration domain name.Domain name preprocessing method by identifying and detecting malicious domain names and IPv6 incorrectly configuring domain name detection improves the security of the campus network,reduces the number of DNS domain name recursive queries and improves network security.
Keywords/Search Tags:IPv6 Misconfiguration, Malicious Domain Name, Voice Feature, C4.5
Related items