
Research On DDoS Attack Detection And Evaluation Algorithm For Recursive Domain Name Servers

Posted on: 2019-07-11
Degree: Master
Type: Thesis
Country: China
Candidate: M Y Wang
Full Text: PDF
GTID: 2428330599477712
Subject: Computer Science and Technology
Abstract/Summary:
As a core service of the Internet, DNS is vulnerable to DDoS attacks because of its importance and the weaknesses of its protocol. A DDoS attack on DNS makes the domain names served by the targeted DNS service unresolvable, which in turn prevents users from accessing the Internet. This thesis focuses on DDoS attack detection and evaluation algorithms for recursive DNS. The attack detection algorithm helps detect DDoS attacks early so that measures can be taken in time to keep the server from being affected. The evaluation algorithm assesses the anti-DDoS performance of recursive DNS when an attack is detected, which helps in taking effective and timely remedial measures. The thesis mainly studies the following:

(1) Because off-the-shelf attack tools are lacking, it studies how to build a DDoS attack generation tool for recursive DNS. The tool generates DDoS query attacks and reflection amplification attacks against recursive DNS based on the DNS protocol. To implement the tool, the principles of the two attack methods are analyzed first, yielding the characteristics of DDoS attacks in five aspects, including IP forgery and domain name randomness. Based on these characteristics, DDoS attacks with different features, such as attack frequency and amplification factor, are designed and implemented. Tests show that the tool reproduces the two types of attack well.

(2) To address problems in current DNS DDoS attack detection, such as few detection features, missed and mistaken judgments, and a single detection type, it studies a recursive DNS DDoS attack detection algorithm based on logistic regression. According to the characteristics of DDoS attacks, the changes in traffic on recursive DNS are analyzed, and 14 traffic features are obtained, such as user TTL variance and request-response ratio. A logistic regression algorithm is trained and optimized to obtain the detection algorithm. Testing shows that the algorithm can detect whether the recursive DNS is under attack, and the classification accuracy for the type of attack suffered exceeds 80%.

(3) Because research on the anti-DDoS performance of recursive DNS is lacking, it studies a recursive DNS anti-DDoS performance evaluation algorithm based on polynomial regression. First, the performance under DDoS attack is described and the target of the evaluation is determined. Feature analysis is then performed to determine the eight characteristics that affect the anti-DDoS performance of recursive DNS, such as cache size and control permissions. The DDoS attack tool is used to launch attacks of different degrees against recursive DNS to obtain the DDoS attacks that the recursive DNS can bear. The polynomial regression algorithm is used to train the evaluation algorithm. After testing, the algorithm's predictions are plotted against the real data: the trajectories and trends of the two are relatively consistent, and the degree of fit is above 0.8.
Keywords/Search Tags:DNS, DDoS attack, attack detection, performance evaluation