Information fusion-based method for distributed domain name system cache poisoning attack detection and identification

Wu Hao; Dang Xianglei; Wang Lidong; He Longtao

首页> 外文期刊>Information Security, IET >Information fusion-based method for distributed domain name system cache poisoning attack detection and identification

【24h】

Information fusion-based method for distributed domain name system cache poisoning attack detection and identification

机译：基于信息融合的分布式域名系统缓存中毒攻击检测与识别方法

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

In this study, the authors consider the detection and identification problems of distributed domain name system (DNS) cache poisoning attack. In the considered distributed attack, multiple cache servers are invaded simultaneously and the attack intensity for each cache server is slight. It is difficult to detect and identify the distributed attack by the existing local information-based detection methods, as the abnormal features for each cache server are indistinctive under distributed attack. To handle this problem, they propose an information fusion-based detection and identification methods. They find that the entropies of the query Internet protocol (IP) addresses for all cache servers are approximately stationary and statistically independent under normal cases. When distributed attack happens, they show the fact that the correlation of the entropies among all cache servers could increase dramatically. On the basis of this feature, they make use of principal component analysis to design the detection and identification methods. Specifically, attack is true when the maximum eigenvalue of the normalised entropies matrix exceeds a threshold, and the attacked servers are identified by the main loading vector. At last, they take a large-scale DNS in China and a simulation as two examples to show the effectiveness of their methods.

机译：在这项研究中，作者考虑了分布式域名系统（DNS）缓存中毒攻击的检测和识别问题。在所考虑的分布式攻击中，同时入侵了多个缓存服务器，每个缓存服务器的攻击强度很小。现有的基于本地信息的检测方法难以检测和识别分布式攻击，因为每个高速缓存服务器的异常功能在分布式攻击下都难以区分。为了解决这个问题，他们提出了一种基于信息融合的检测和识别方法。他们发现，在正常情况下，所有缓存服务器的查询Internet协议（IP）地址的熵大约是固定的，并且在统计上独立。当发生分布式攻击时，它们表明以下事实：所有缓存服务器之间的熵相关性可能会急剧增加。基于此功能，他们利用主成分分析来设计检测和识别方法。具体地，当归一化熵矩阵的最大特征值超过阈值时，攻击为真，并且通过主加载向量来识别被攻击的服务器。最后，他们以在中国的大规模DNS和模拟作为两个例子来说明其方法的有效性。

著录项

来源
《Information Security, IET》 |2016年第1期|37-44|共8页
作者
Wu Hao; Dang Xianglei; Wang Lidong; He Longtao;
展开▼
作者单位

National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), People's Republic of China;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词

相似文献

外文文献
中文文献
专利

1. Patent Issued for Detection of Distributed Denial of Service Attacks in Autonomous System Domains [J] . Journal of Engineering . 2013,第13期

机译：用于检测自治系统域中的分布式拒绝服务攻击的专利
2. An Anti-Poisoning Attack Method for Distributed AI System [J] . Xuezhu Xin, Yang Bai, Haixin Wang, 电脑和通信（英文） . 2021,第012期

机译：An Anti-Poisoning Attack Method for Distributed AI System
3. Detection of DNS Cache Poisoning Attack in DNS Standard Resolution Traffic [J] . Yasuo Musashi, Kazuya Takemori, Shinichiro Kubota, 電子情報通信学会技術研究報告. 情報通信マネジメント. Information and Communication Management . 2011,第30期

机译：DNS标准解析流量中DNS缓存中毒攻击的检测
4. An Encryption Algorithm to Prevent Domain Name System Cache Poisoning Attacks [C] . Xue Jun Li, Maode Ma, Narayanan Arjun International Telecommunication Networks and Applications Conference . 2019

机译：防止域名系统缓存中毒攻击的加密算法
5. Model checking the Kaminsky DNS cache-poisoning attack using PRISM. [D] . Deshpande, Tushar Suhas. 2010

机译：使用PRISM模型检查Kaminsky DNS缓存中毒攻击。
6. A Novel Fusion-Based Ship Detection Method from Pol-SAR Images [O] . Wenguang Wang, Yu Ji, Xiaoxia Lin 2015

机译：Pol-SAR图像的基于融合的舰船检测新方法
7. Attack Detection and Identification in Cyber-Physical Systems -- Part II: Centralized and Distributed Monitor Design [O] . Pasqualetti, Fabio, Dörfler, Florian, Bullo, Francesco 2012

机译：网络物理系统中的攻击检测与识别 - 第二部分 II：集中式和分布式监视器设计

Information fusion-based method for distributed domain name system cache poisoning attack detection and identification

摘要

著录项

相似文献

相关主题

期刊订阅