摘要
随着传统互联网逐渐向“互联网+”演变,域名系统(domain namesystem,DNS)从基础的地址解析向全面感知、可靠传输等新模式不断扩展。新场景下的DNS由于功能的多样性和覆盖领域的广泛性,一旦受到攻击会造成严重的后果,因此DNS攻击检测与安全防护方面的研究持续进行并越来越受到重视。首先介绍了几种常见的DNS攻击,包括DNS欺骗攻击、DNS隐蔽信道攻击、DNS DDoS(distributed denial of service)攻击、DNS反射放大攻击、恶意DGA域名;然后,从机器学习的角度出发对这些攻击的检测技术进行了系统性的分析和总结;接着,从DNS去中心化、DNS加密认证、DNS解析限制3个方面详细介绍了DNS的安全防护技术;最后,对未来的研究方向进行了展望。
With the gradual evolution of the traditional Internet to “Internet+”, the domain name system(DNS) had been continuously expanding from basic address resolution to new models such as comprehensive perception and reliable transmission. Due to the diverse functions and the extensive coverage of DNS in the new scenario, it will cause serious consequences once attacked. Therefore, the research on DNS attack detection and security protection continues and attracts more and more attention. Firstly, several common DNS attacks were introduced, including DNS spoofing, DNS covert channel, DNS distributed denial of service(DDoS) attack, DNS reflection amplification attacks,and malicious DGA domain names. Subsequently, these DNS attack detection technologies were systematically analyzed and summarized from the machine learning perspective. Then, the DNS security protection technologies were sorted out in decentralization, authenticated encryption and limited resolution. Finally, some future research directions were proposed.
作者
章坚武
安彦军
邓黄燕
ZHANG Jianwu;AN Yanjun;DENG Huangyan(Hangzhou Dianzi University,Hangzhou 310018,China;Zhejiang Uniview Technologies Co.,Ltd.,Hangzhou 310051,China)
出处
《电信科学》
2022年第9期1-17,共17页
Telecommunications Science
基金
国家自然科学基金资助项目(No.U1866209,No.61772162)。
关键词
域名系统
DNS攻击检测
安全防护
机器学习
domain name system
DNS attack detection
security protection
machine learning
