Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

DNS protocol-based access control and virus defense method and system

An access control and defense system technology, applied in the field of network security, can solve problems such as abnormal second-level domain name access, high superimposed costs, professional influence, etc., to increase flexibility and comprehensiveness, expand matching strength, and enrich the system feature library Effect

Active Publication Date: 2018-11-02
孙晨
View PDF6 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

From 07:00 to 12:00 on January 12, 2010, Baidu encountered abnormal access to the top-level domain name baidu.com and its second-level domain names, and all of them were resolved to other addresses for a long time, resulting in many users around the world not using normal Visit Baidu
[0003] Existing technical solutions either transfer illegal traffic, or can only ensure the normal access of the path from the switch or router of the enterprise to the web server during DDOS attacks, and do not fundamentally solve the problem of malicious code and attacks using the DNS protocol. The security prevention and defense of the entire link; the superimposed cost of the two systems is very expensive, and it only solves the DDoS attack, and other defenses may require the use of other security devices, which will affect professionalism

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DNS protocol-based access control and virus defense method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] The present invention will be described in detail below, and the technical solutions in the embodiments of the present invention are clearly and completely described. Obviously, the described embodiments are only some embodiments of the present invention, rather than all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0034] For the deficiencies in the prior art, the object of the present invention is to provide a kind of access control and virus defense method based on DNS protocol, described method comprises the steps:

[0035] (1) The terminal sends a DNS request;

[0036] (2) The request is matched through the black and white list according to the set strategy, if matched then continue; if not matched, discarded;

[0037] (3) Continue to analyze the matching DNS request, record the time whe...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an access control and virus attack defense method and system. The method comprises the steps of analyzing a matched DNS request, if the DNS request is abnormal, discharging directly, if the DNS request is normal, continuing the operation; analyzing the normal DNS request, determining whether viruses and illegal attack behaviors exist, blocking a virus and an attack through analysis and positioning to get IP addresses of the virus and the attack, returning a special IP address, recording a domain name of the IP address, adding the domain name to a malicious domain name parse library; if the DNS request is suspicious, delivering the DNS request to a honeypot system, interacting by the honeypot system through a formulated interaction protocol, returning a honeypot IP address by the honeypot system, tracing by the honeypot system, if the terminal attacks the honeypot IP address, determining that the terminal is infected with a virus or Trojan, and performing corresponding processing by the system. Through adoption of the method and system, DNS protocol-based security problems can be solved comprehensively.

Description

technical field [0001] The invention relates to network security, in particular to an access control and virus defense system based on the DNS protocol. Background technique [0002] DNS is an acronym for Domain Name System (Domain Name System), which is used to name computers and network services organized into domain hierarchies. A domain name is composed of a string of words or abbreviations separated by dots. Each domain name corresponds to a unique IP address. There is a one-to-one correspondence between domain names and IP addresses on the Internet. DNS is the server for domain name resolution. DNS naming is used in TCP / IP networks such as the Internet to look up computers and services by user-friendly names. DNS is a core service of the Internet, which serves as a distributed database that can map domain names and IP addresses to each other. From 07:00 to 12:00 on January 12, 2010, Baidu encountered abnormal access to the top-level domain name baidu.com and its seco...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/101H04L63/145H04L63/1458H04L61/4511
Inventor 孙晨
Owner 孙晨
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products