Cache infection detection method and apparatus based on deep analysis on DNS message

A technology of in-depth analysis and detection device, which is used in digital transmission systems, electrical components, transmission systems, etc.

Inactive Publication Date: 2016-08-03
CHINA INTERNET NETWORK INFORMATION CENTER
View PDF2 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The second attack method is abnormal request access attack
[0007] The third attack met...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Cache infection detection method and apparatus based on deep analysis on DNS message
  • Cache infection detection method and apparatus based on deep analysis on DNS message

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] The deployment of the DNS cache poisoning detection device of the present invention in the network is as follows: figure 1 As shown, the DNS traffic between the DNS recursive server and the DNS authoritative server and between the DNS recursive server and the DNS end user is mirrored to the DNS packet analyzer through the switch for DNS cache poisoning detection.

[0029] The DNS cache poisoning detection process of this embodiment is as follows figure 2 shown. Its steps are described as follows:

[0030] For DNS recursive servers and DNS authoritative servers:

[0031] 1) The DNS packet analyzer receives DNS traffic between the mirrored DNS recursive server and the DNS authoritative server.

[0032] 2) The DNS message analyzer parses the network domain name address information in the DNS response message, saves it in the memory of the DNS message analyzer, and counts the number of responses to the domain name.

[0033] 3) When the statistical period (eg, 1 minute)...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a cache infection detection method and apparatus based on a deep analysis on a DNS message. Therefore, a DNS cache infecting attack can be detected timely and warning is carried out. Moreover, after DNS cache infection, a change of a network domain name address in the DNS server cache can be reported accurately, so that the DNS server operaton and maintennace personnel can correct the wrong network domain name address in the DNS server timely.

Description

technical field [0001] The invention belongs to the technical field of computer network security, and relates to a cache poisoning detection method and device based on deep analysis of DNS messages. Background technique [0002] In computer network communication, hosts need to know the IP address of the communication peer to be able to communicate with each other through the IP network. However, the 32-bit IPv4 address (the IPv6 address is 128 bits) is not easy for the communication participants to remember. Therefore, more intuitive domain names (such as www.google.com.hk) are widely used to solve the problem of difficult memory of IP addresses. However, network communication is based on the IP protocol, and the host to be accessed cannot be directly found through the domain name. Therefore, the host needs to convert the domain name entered by the user into an IP address. This process is called domain name resolution. [0003] In order to complete domain name resolution,...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L29/12H04L12/24
CPCH04L41/0631H04L41/0654H04L63/1416H04L63/1466H04L61/5076H04L61/4511
Inventor 李晓东李洪涛张恒张鹏孙才姜涛
Owner CHINA INTERNET NETWORK INFORMATION CENTER
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap