Research on DNS Query Flood Attack Detection Based on Knowledge Graph
Abstract:
To address the DNS Query Flood attack, which is cheap to launch, highly destructive, and hard to defend against, this paper constructs a knowledge graph of UDP requests. The attack works by sending a large number of small UDP packets with forged source IP addresses to overwhelm the DNS server, so the paper calculates the normal frequency with which clients access the server and uses it to determine the traffic threshold for detecting a DNS Query Flood attack. Using the DNS Query Flood attack experiment dataset from the University of California, Los Angeles, the paper applies Neo4j visual analysis to test the accuracy of threshold-based attack determination. The results show that the threshold detection method achieves a detection success rate as high as 95.04% for attack traffic in mixed traffic.
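An added example (not code from the paper) of the threshold step the abstract describes: UDP requests are reduced to client→server edges with per-second request counts, a threshold is learned from normal traffic, and edges above it in mixed traffic are flagged. The mean + 3σ rule, the one-second window, the function names and all sample records are assumptions constructed for illustration; the abstract does not give the paper's formula.

```python
from collections import Counter
from statistics import mean, pstdev

SERVER = "192.0.2.53"  # constructed DNS server address (documentation range)

def edge_counts(records, window=1.0):
    """Request count per (window, client, server) edge; records are (ts, src, dst, ...)."""
    counts = Counter()
    for ts, src, dst, *_ in records:
        counts[(int(ts // window), src, dst)] += 1
    return counts

def learn_threshold(normal_records, k=3.0):
    """Assumed rule: mean + k * std of per-edge, per-window counts in normal traffic."""
    values = list(edge_counts(normal_records).values())
    return mean(values) + k * pstdev(values)

def flag_edges(records, threshold):
    """Client->server edges whose count exceeds the threshold in any window."""
    return {(s, d) for (_, s, d), n in edge_counts(records).items() if n > threshold}

def detection_rate(labelled_records, flagged):
    """Share of attack-labelled requests that sit on a flagged edge."""
    attack = [(s, d) for _, s, d, is_attack in labelled_records if is_attack]
    return sum(e in flagged for e in attack) / len(attack)

def normal_traffic():
    """Constructed baseline: 4 clients, 1 to 3 requests per client per second."""
    return [(w + j * 0.01, f"10.0.0.{i + 1}", SERVER, False)
            for w in range(5) for i in range(4) for j in range(1 + (w + i) % 3)]

def mixed_traffic():
    """Constructed mix: the baseline plus two attack-labelled sources."""
    burst = [(j * 0.004, "198.51.100.7", SERVER, True) for j in range(200)]
    slow = [(j * 0.1, "198.51.100.9", SERVER, True) for j in range(3)]
    return normal_traffic() + burst + slow

THRESHOLD = learn_threshold(normal_traffic())
FLAGGED = flag_edges(mixed_traffic(), THRESHOLD)

if __name__ == "__main__":
    print(f"threshold = {THRESHOLD:.2f} requests/s per edge")
    print("flagged edges:", sorted(FLAGGED))
    print(f"detection rate = {detection_rate(mixed_traffic(), FLAGGED):.2%}")
```

In the constructed mix, the attack-labelled source that sends only three requests in a second stays under the learned threshold, so the measured rate is below 100%.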