
A Research On DNS Against Cache Poisoning Based On Mimic Defense Architecture

Posted on: 2023-08-14
Degree: Master
Type: Thesis
Country: China
Candidate: J X Huang
Full Text: PDF
GTID: 2568306830986299
Subject: Information and Communication Engineering

Abstract/Summary:
The Domain Name System (DNS) is a core service that keeps Internet activity running. Once the DNS system is attacked, the DNS service can be brought down. The most common DNS attack is the DNS cache poisoning attack. If the DNS server's cache records are polluted, user access to the polluted domain name through the victim server will be redirected to the malicious IP address controlled by the attacker.

This paper adopts the mimic defense architecture to carry out research on DNS against cache poisoning. Mimic defense is a new defense architecture based on Dynamic Heterogeneous Redundancy (DHR), which is an active defense mechanism. A mimic defense system uses dynamic scheduling to transform its attack surface, which makes it difficult for attackers to obtain system information through empirical methods such as trial and error, thus increasing the attack difficulty, while improving the fault tolerance of the system through multi-parameter arbitration. Mimic defense can effectively resist new attacks and unknown threats in the network and improve the security and stability of network devices.

According to the above ideas, this paper proposes a DNS based on the mimic defense architecture, called mimic DNS for short. In the first place, a pool of heterogeneous DNS executors is constructed in the mimic DNS. At the beginning of each scheduling period, the dynamic scheduling module extracts some executors from the executor pool as the online executors of that period according to the scheduling strategy, and the I/O agent module then distributes DNS requests to them. In addition, a multi-index mimic voting algorithm based on an improved AHP-FCE model is proposed as the multi-parameter arbitration strategy. The algorithm divides the output results of the executors into several evaluation objects, calculates the consistency, historical confidence and heterogeneity indexes of these evaluation objects, uses the improved AHP-FCE model to comprehensively analyze and evaluate these indexes, and finally obtains the optimal choice. After the arbitration, the abnormal information is fed back to the dynamic scheduling module, which performs offline cleaning on the abnormal executors, eliminates malicious cache entries, and thus forms a closed-loop negative feedback adjustment mechanism. The control instructions between the dynamic scheduling module and the executors are encrypted by the chaotic compression encryption algorithm, further combined with RSA encryption to ensure the security of identity authentication and of the chaotic compression encryption key transmission. In this paper, the algorithm is developed and applied to the mimic DNS.

The defense performance of the mimic DNS against the DNS cache poisoning attack is evaluated experimentally. First of all, the new DNS cache poisoning attack SAD DNS is used to comprehensively evaluate the defense performance of several single DNS servers with non-mimic architectures. Then, the multi-index mimic voting algorithm based on the improved AHP-FCE model is compared with majority voting to verify its performance. Finally, based on the above results, the non-mimic DNS server with the best performance and the mimic DNS are selected for repeated comparison experiments to compare their defense performance against cache poisoning attacks. Experimental data show that under repeated experiments, the correct reply rate of the non-mimic DNS server BIND 9 is only 42.3%, while the correct reply rate of the mimic DNS is still 60.2% under the maximum attack intensity and more than 80% under low attack intensity. The experimental results show that the mimic DNS can effectively reduce the success rate of DNS cache poisoning attacks and has higher security and robustness than non-mimic DNS servers. Finally, the time performance of the mimic DNS system is tested.
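As an added illustration of the arbitration and feedback loop the abstract describes (this is not code from the thesis), the sketch below scores each answer group on the three indexes the abstract names and then penalises the executors that disagreed. The executor names, software families, confidence values and weights are constructed, the index definitions are assumptions, and a plain weighted sum stands in for the improved AHP-FCE model, which the abstract does not specify; the sample is chosen so that plain majority voting would accept the poisoned answer.

```python
from collections import defaultdict

# Constructed sample: one query answered by five heterogeneous online executors, as
# (name, resolver software family, A record). exec3..exec5 share a family and are poisoned.
RESPONSES = [
    ("exec1", "unbound", "93.184.216.34"),
    ("exec2", "knot", "93.184.216.34"),
    ("exec3", "bind", "203.0.113.7"),
    ("exec4", "bind", "203.0.113.7"),
    ("exec5", "bind", "203.0.113.7"),
]
# Assumed historical confidence per executor; assumed weights in place of the AHP-derived ones.
HISTORY = {"exec1": 0.9, "exec2": 0.85, "exec3": 0.4, "exec4": 0.45, "exec5": 0.5}
WEIGHTS = {"consistency": 0.5, "confidence": 0.3, "heterogeneity": 0.2}

def majority_vote(responses):
    """Plain majority voting: the answer returned by the most executors wins."""
    counts = defaultdict(int)
    for _, _, ip in responses:
        counts[ip] += 1
    return max(counts, key=counts.get)

def score_group(members, total, history):
    """Score one answer group: consistency = share of executors agreeing, confidence = mean
    historical confidence of those executors, heterogeneity = distinct software families
    among them normalised by group size. The weighted sum stands in for the FCE step."""
    consistency = len(members) / total
    confidence = sum(history[name] for name, _ in members) / len(members)
    heterogeneity = len({family for _, family in members}) / len(members)
    return (WEIGHTS["consistency"] * consistency + WEIGHTS["confidence"] * confidence
            + WEIGHTS["heterogeneity"] * heterogeneity)

def arbitrate(responses, history):
    """Group identical answers, score each group, choose the best. Returns the chosen
    answer, the executors that disagreed with it, and every group's score."""
    groups = defaultdict(list)
    for name, family, ip in responses:
        groups[ip].append((name, family))
    scores = {ip: score_group(m, len(responses), history) for ip, m in groups.items()}
    best = max(scores, key=scores.get)
    return best, [name for name, _, ip in responses if ip != best], scores

def feedback(history, abnormal, penalty=0.5, reward=0.05):
    """Closed-loop negative feedback: disagreeing executors lose confidence and are returned
    as the set to take offline for cache cleaning; the others gain a little."""
    for name in history:
        history[name] = (round(history[name] * penalty, 4) if name in abnormal
                         else min(1.0, round(history[name] + reward, 4)))
    return [name for name in history if name in abnormal]
```

On the constructed sample `majority_vote(RESPONSES)` returns the poisoned record, whereas `arbitrate(RESPONSES, HISTORY)` returns the answer backed by the two diverse, trusted executors and lists exec3..exec5 as abnormal, which `feedback` then downgrades and hands back for offline cleaning.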
Keywords/Search Tags:Cybersecurity, Domain name system, Cache poisoning, Mimic defense, AHP-FCE model, Chaotic compression encryption