Computer Engineering ›› 2011, Vol. 37 ›› Issue (18): 118-120. doi: 10.3969/j.issn.1000-3428.2011.18.039

• Security Technology •

Detection of Domain Name System Cache Attack Based on Cumulative Sum Algorithm

LV Zhuo, FAN Lei

  1. (School of Information Security Engineering, Shanghai Jiaotong University, Shanghai 200240, China)
  • Received: 2011-03-17 Online: 2011-09-20 Published: 2011-09-20
  • About the authors: LV Zhuo (born 1986), male, master's student, research interests: intrusion detection and information security; FAN Lei, associate professor, Ph.D.
  • Supported by:
    National "863" Program of China (2007AA01Z473)

Abstract: To address Domain Name System (DNS) cache attacks, this paper proposes a simple and robust detection mechanism. The mechanism is built on inherent DNS protocol behavior and applies an instance of a change-point detection algorithm to detect attack behavior. To make the detection mechanism more sensitive to attack behavior while keeping computational complexity low, it adapts the nonparametric Cumulative Sum (CUSUM) algorithm to DNS protocol behavior. Simulation results show that the mechanism can effectively detect DNS cache attacks and strikes a good balance between the detection rate and the false alarm rate.

Key words: Cumulative Sum (CUSUM) algorithm, Domain Name System (DNS) cache attack, intrusion detection, false alarm rate

CLC number: