基于IPFIX的DNS异常行为检测方法

doi:10.3969/j.issn.1000-436x.2014.z1.002

Abstract

Abstract:

An algorithm based on IPFIX network flow data is proposed.By using proposed algorithm,suspicious and abnormal DNS will be detected accurately,and DNS traffic amplification attack will be distinguished rapidly.This algorithm has been applied in the Tsinghua University campus network.In our practice,DNS abnormal behaviors have been detected and alarm information has been sent to administrators.Thus,abnormal attack behaviors are restrained in time,and the monitoring and warning for abnormal traffic are all realized.

Key words: abnormal behavior, network security, IPFIX; traffic analysis

Yun-long MA,Cai-ping JIANG,Qian-li ZHANG,Ji-long WANG. DNS abnormal behavior detection based on IPFIX[J]. Journal on Communications, 2014, 35(Z1): 5-9.

Figures/Tables 5

References 14

[1]	MARIOS A , GEORGIOS K , PANAGIOTIS K ,et al. DNS amplification attack revisited[J]. Computers & Security, 2013,39: 475-485.
[2]	Arbor Networks. 2012 infrastructure security report[EB/OL]. .
[3]	CHEUNG S . Denial of service against the domain name system[J]. IEEE Security and Privacy, 2006,4(1): 40-45.
[4]	孙红杰, 方滨兴, 张宏莉 . 基于链路特征的 DDoS 攻击检测方法[J]. 通信学报, 2007,28(2): 88-93. SUN H J , FANG B X , ZHANG H L . DDoS attacks detection based on link character[J]. Journal on Communications, 2007,28(2): 88-93.
[5]	GEORGIOS K , TASSOS M , DIMITRIS G ,et al. A fair solution to DNS amplification attacks[A]. Proceedings-2nd International Annual Workshop on Digital Forensics and Incident Analysis[C]. 2007. 38-47.
[6]	MOCKAPETRIS P . Domain names-concepts and facilities[EB/OL]. .
[7]	MOCKAPETRIS P Domain names-implementation and specification[EB/OL]. .
[8]	CHANG Y H , YOON K B , PARK D W . A study on the IP spoofing attack through proxy server and defence thereof[A]. 2013 International Conference on Information Science and Applications[C]. 2013.
[9]	FERGUSON P . FERGUSON P.Network ingress filtering:defeating denial of service attacks which employ IP source address spoofing[EB/OL]. .
[10]	GHOSH A , WONG L , CRESCENZO G D ,et al. Infilter:predictive ingress filtering to detect spoofed IP traffic[A]. Proceedings of the 25th IEEE International Conference on Distributed Computing Systems Workshops[C]. 2005.
[11]	HAINING W , CHENG J , KANG G S . Defense against spoofed IP traffic using hop-count filtering[J]. IEEE/ACM Transactions on Networking, 2007,15(1): 40-53.
[12]	ZHEN H , XIN Y , JAIDEEP C . Controlling IP spoofing throughinterdomain packet filters[J]. IEEE Transactions on Dependable and Secure Computing, 2008,5(1): 22-36.
[13]	CHANGHUA S , BIN L , LEI S . Efficient and low-cost hardware defense against DNS amplification attacks[A]. 2008 IEEE Global Telecommunications Conference,GLOBECOM[C]. 2008. 2062-2066.
[14]	DESHPANDE T , KATSAROS P , BASAGIANNIS S ,et al. Formal analysis of the DNS Bandwidth amplification attack and its countermeasures using probabilistic model checking[A]. Proceedings of IEEE International Symposium on High Assurance Systems Engineering[C]. 2011. 360-367.

Metrics

Recommended 0

No Suggested Reading articles found!

[1]	Shiqi ZHAO, Xiaohong HUANG, Zhigang ZHONG. Research and implementation of reputation-based inter-domain routing selection mechanism [J]. Journal on Communications, 2023, 44(6): 47-56.
[2]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[3]	Hongbin ZHANG, Yan YIN, Dongmei ZHAO, Bin LIU. Network security situational awareness model based on threat intelligence [J]. Journal on Communications, 2021, 42(6): 182-194.
[4]	Tengfei ZHANG, Shunzheng YU. Research prospects of user information detection from encrypted traffic of mobile devices [J]. Journal on Communications, 2021, 42(2): 154-167.
[5]	Xu CHENG, Yingying WANG, Nianjie ZHANG, Zhangjie FU, Beijing CHEN, Guoying ZHAO. Multi-level loss object tracking adversarial attack method based on spatial perception [J]. Journal on Communications, 2021, 42(11): 242-254.
[6]	Tao HUANG, Jiang LIU, Shuo WANG, Chen ZHANG, Yunjie LIU. Survey of the future network technology and trend [J]. Journal on Communications, 2021, 42(1): 130-150.
[7]	Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph [J]. Journal on Communications, 2020, 41(9): 160-169.
[8]	Hanxun ZHOU,Chen CHEN,Runze FENG,Junkun XIONG,Hong PAN,Wei GUO. Mobile malware traffic detection approach based on value-derivative GRU [J]. Journal on Communications, 2020, 41(1): 102-113.
[9]	JIANG Lyu,ZHANG Hengwei,WANG Jindong. Optimal strategy selection method for moving target defense based on signaling game [J]. Journal on Communications, 2019, 40(6): 128-137.
[10]	Zhiyong LUO, Xu YANG, Guanglu SUN, Zhiqiang XIE, Jiahui LIU. Finite automaton intrusion tolerance system model based on Markov [J]. Journal on Communications, 2019, 40(10): 79-89.
[11]	Shirui HUANG,Hengwei ZHANG,Jindong WANG,Ruiyu DOU. Network security threat warning method based on qualitative differential game [J]. Journal on Communications, 2018, 39(8): 29-36.
[12]	Xiaodong ZANG,Jian GONG,Xiaoyan HU. Detecting malicious domain names based on AGD [J]. Journal on Communications, 2018, 39(7): 15-25.
[13]	Le-yi SHI,Hui SUN,Yu-wen CUI,Hong-bin GUO,Jian-lan LI. Web plug-in paradigm for anti-DoS attack based on end hopping [J]. Journal on Communications, 2017, 38(Z1): 19-24.
[14]	Tao WANG,Hong-chang CHEN,Guo-zhen CHENG. Research on software-defined network and the security defense technology [J]. Journal on Communications, 2017, 38(11): 133-160.
[15]	Tao YIN,Shi-cong LI,Yu-peng TUO,Yong-zheng ZHANG. Modeling and countermeasures of a social network-based botnet with strong destroy-resistance [J]. Journal on Communications, 2017, 38(1): 97-105.

DNS abnormal behavior detection based on IPFIX

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 5

References 14

Related Articles 15

Metrics

Recommended 0