[1] |
BARNES R , SCHNEIER B , JENNINGS C ,et al. Confidentiality in the face of pervasive surveillance:a threat model and problem statement[S]. IETF RFC 7624, 2015.
|
[2] |
王垚, 胡铭曾, 李斌 ,等. 域名系统安全研究综述[J]. 通信学报, 2007,28(9): 91-103.
|
|
WANG Y , HU M , LI B ,et al. Survey on domain name system secu-rity[J]. Journal on Communications, 2007,28(9): 91-103.
|
[3] |
单既如, 罗万明 . 互联网域名系统安全管理的现状及研究进展[J]. 数据通信, 2009,2009(2): 17-19.
|
|
SHAN J , LUO W . The present situation and research progress of internet domain name system security management[J]. Data Com-munications, 2009,2009(2): 17-19.
|
[4] |
柳青 . 我国互联网域名系统的安全问题[J]. 现代电信科技, 2010,2010(4): 9-11.
|
|
LIU Q . The security issues of Chinese DNS[J]. Modern Science &Technology of Telecommunications, 2010,2010(4): 9-11.
|
[5] |
MOCKAPETRIS P . Domain names concepts and facilities[S]. IETF RFC 1034, 1987,11.
|
[6] |
DNS RFC[EB/OL]. .
|
[7] |
DNS Ecosystem[EB/OL]. .
|
[8] |
LEVINE J . DNS blacklists and whitelists[S]. IETF RFC 5782, 2010.
|
[9] |
LEIGHTON T . Improving performance on the Internet[J]. Communications of the ACM, 2009,52(2): 44-51.
|
[10] |
2016 Dyn cyberattack[EB/OL]. .
|
[11] |
Turkey DNS[EB/OL]. .
|
[12] |
China DNS[EB/OL]. .
|
[13] |
Chinese CN[EB/OL]. .
|
[14] |
ATKINS D . Threats analysis of the domain name system(dns)[S]. IETF RFC 3833, 2004.
|
[15] |
DNS threat analysis[EB/OL]. .
|
[16] |
Towards improving DNS security,stability,and resiliency[EB/OL]. .
|
[17] |
SCHOMP K , CALLAHAN T , RABINOVICH M ,et al. Assessing DNS vulnerability to record injection[C]// The International Conference on Passive and Active Measurement. 2014: 214-223.
|
[18] |
Black Ops 2008:It’s the end of the cache as we know it[EB/OL]. .
|
[19] |
DAGON D , PROVOS N , LEE C ,et al. Corrupted DNS resolution paths:the rise of a malicious resolution authority[C]// The Network and Distributed System Security Symposium(NDSS 2008). 2008.
|
[20] |
XU K , BUTLER P , SAHA S ,et al. DNS for massive-scale command and control[J]. IEEE TDSC, 2013,10(3): 143-153.
|
[21] |
MOHAISEN A . Evaluation of privacy for DNS private exchange[S]. IETF Internet Draft, 2015-05.
|
[22] |
BORTZMEYER S . DNS privacy considerations[S]. IETF RFC7626, 2015.
|
[23] |
ROSSEBO J , CADZOW S , SIJBEN P ,et al. A threat,vulnerability and risk assessment method and tool for europe[C]// The International Conference on Availability,Reliability and Security. 2007: 925-933.
|
[24] |
KONINGS B , BACHMAIER C , SCHAUB F ,et al. Device names in the wild:Investigating privacy risks of zero configuration networking[C]// The International Conference on Mobile Data Management. 2013: 51-56.
|
[25] |
KRISHNAN S , MONROSE F . DNS prefetching and its privacy implications:when good things go bad[C]// The 3rd USENIX Conference on Large-scale Exploits and Emergent Threats:Botnets,Spyware,Worms,and More. 2010:10.
|
[26] |
BANSE C , Herrmann D , FEDERRATH H . Tracking users on the Internet with behavioral patterns:evaluation of its practical feasibility[M]// Information Security and Privacy Research. Berlin Heidelberg: SpringerPress, 2012 235-248
|
[27] |
OpenDNS[EB/OL]. .
|
[28] |
Google Public DNS[EB/OL]. .
|
[29] |
SCHOMP K , CALLAHAN T , RABINOVICH M ,et al. On measuring the client-side DNS infrastructure[C]// The Conference on Internet Measurement Conference. 2013: 77-90.
|
[30] |
PANG J , AKELLA A , SHAIKH A ,et al. On the Responsiveness of DNS-based Network Control[C]// The 4th ACM Sigcomm Conference on Internet Measurement 2004. 2004: 21-26.
|
[31] |
CALLAHAN T , ALLMAN M , RABINOVICH M . On modern DNS behavior and properties[J]. ACM Sigcomm Computer Communication Review, 2013,43(3): 7-15.
|
[32] |
SHULMAN H , WAIDNER M . Towards security of Internet naming infrastructure[C]// Computer Security-ESORICS 2015. 2015.
|
[33] |
ATENIESE G , MANGARD S . A new approach to DNS security(DNSSEC)[C]// The 8th ACM conference on Computer and Communications Security. 2001: 86-95.
|
[34] |
BAU J , MITCHELL J . A security evaluation of DNSSEC with NSEC3[C]// Network and Distributed System Security Symposium(NDSS 2010). 2010.
|
[35] |
VantioTM AuthServe. Authoritative DNS[EB/OL]. .
|
[36] |
ICANN Research[EB/OL]. .
|
[37] |
HERZBERG A , SHULMAN H . DNSSEC:security and availability challenges[C]// Communications and Network Security. 2013:365366.
|
[38] |
LIAN W , RESCORLA E , SHACHAM H ,et al. Measuring the practical impact of DNSSEC deployment[C]// USENIX Security 2013. 2013: 573-588.
|
[39] |
US-CERT[EB/OL]. .
|
[40] |
ZHU L , HU Z , HEIDEMANN J ,et al. Connection-oriented DNS to improve privacy and security[C]// ACM Conference on Sigcomm. 2015: 379-380.
|
[41] |
HU Z , ZHU L.HEIDEMANN J ,et al. DNS over TLS:initiation and performance considerations[S]. IETF Internet Draft, 2015.
|
[42] |
REDDY T,WING , PATIL P . DNS over DTLS(DNSoD)[S]. IETF Internet Draft, 2015.
|
[43] |
RESCORLA E.Datagram transport layer security version 1 . 2[S]. IETF RFC6347, 2012.
|
[44] |
SHULMAN H , . Pretty bad privacy:pitfalls of DNS encryption[C]// The Workshop on Privacy in the Electronic Society. 2014: 191-200.
|
[45] |
DAGON D , ANTONAKAKIS M , VIXIE P ,et al. Increased DNS forgery resistance through 0x20-bit encoding[C]// ACM CCS’08. 2008: 211-222.
|
[46] |
HERZBERG A , SHULMAN H . DNS authentication as a service:preventing amplification attacks[C]// ACM ACSAC’14. 2014: 356-365.
|
[47] |
SCHOMP K , ALLMAN M , RABINOVICH M . DNS resolvers considered harmful[C]// ACM Workshop on HotNets. 2014: 1-7.
|
[48] |
SCAIFE N , CARTER H , TRAYNOR P . OnionDNS:a seizure-resistant top-level domain[C]// Communications and Network Security. 2015: 379-387.
|
[49] |
ANTONAKAKIS M , PERDISCI R , LEE W ,et al. Detecting malware domains at the upper DNS hierarchy[C]// The 20th USENIX Conference on Security. 2011: 21-27.
|
[50] |
GAO H , YEGNESWARAN V , CHEN Y ,et al. An empirical reexamination of global DNS behavior[J]. ACM Sigcomm Computer Communication Review, 2013,43(4): 267-278.
|
[51] |
HAO S , FEAMSTER N , PANDRANGI R . Monitoring the initial DNS behavior of malicious domains[C]// ACM Sigcomm Conference on Internet Measurement. 2011: 269-278.
|
[52] |
YADAV S , REDDY A , RANJAN S ,et al. Detecting algorithmically generated malicious domain names[C]// ACM Sigcomm Conference on Internet Measurement 2010. 2010: 48-61.
|
[53] |
PERDISCI R , CORONA I , GIACINTO G . Early detection of malicious flux networks via large-scale passive DNS traffic analysis[J]. IEEE Transactions on Dependable and Secure Computing, 2012,9(5): 714-726.
|
[54] |
SCHOMP K , RABINOVICH M , ALLMAN M . Towards a model of DNS client behavior[C]// PAM 2016. 2016: 263-275.
|
[55] |
JONES B , FEAMSTER N , PAXSON V ,et al. Detecting DNS root manipulation[M]// Passive and Active Measurement.Berlin:Springer. 2016.
|
[56] |
LUO P , TORRES R , ZHANG Z ,et al. Leveraging client-side DNS failure patterns to identify malicious behaviors[C]// Communications and Network Security. 2015: 406-414.
|
[57] |
BILGE L , KIRDA E , KRUEGEL C ,et al. EXPOSURE:Finding malicious domains using passive DNS analysis[C]// The Network and Distributed System Security Symposium(NDSS 2011). 2011.
|
[58] |
ANTONAKAKIS M , PERDISCI R , DAGON D ,et al. Building a dynamic reputation system for DNS[C]// Usenix Security. 2010: 18-36.
|
[59] |
ZHAO F , HORI Y , SAKURAI K . Analysis of privacy disclosure in DNS query[C]// The International Conference on Multimedia and Ubiquitous Engineering. 2007: 952-957.
|
[60] |
ZHAO F , HORI Y , SAKURAI K . Two-servers PIR based DNS query scheme with privacy-preserving[C]// IEEE International Conference on Intelligent Pervasive Computing. 2007: 299-302.
|
[61] |
CASTILLO-PEREZ S , GARCIA-ALFRO J . Evaluation of two privacy preserving protocols for the DNS[C]// The International Conference on Information Technology:New Generations. 2009: 411-416.
|
[62] |
HERRMANN D , FUCHS K , LINDEMANN J ,et al. EncDNS:a lightweight privacy-preserving name resolution service[C]// Computer Security-ESORICS 2014. 2014: 37-55.
|
[63] |
LU Y , TSUDIK G . Towards plugging privacy leaks in the domain name system[C]// IEEE 10th International Conference on Peer-toPeer Computing. 2010: 1-10.
|
[64] |
DNSSEC deployment report[EB/OL]. .
|