Abstract: This paper proposes a simple and robust detection mechanism for Domain Name System (DNS) cache attacks. The mechanism builds on inherent DNS protocol behavior and applies a change-point detection algorithm to detect attack behavior. To make detection more sensitive to attacks while keeping computational complexity low, the nonparametric Cumulative Sum (CUSUM) algorithm is adapted to DNS protocol behavior. Simulation results show that the mechanism detects DNS cache attacks effectively and strikes a good balance between the detection rate and the false alarm rate.
Key words: Cumulative Sum (CUSUM) algorithm, Domain Name System (DNS) cache attack, intrusion detection, false alarm rate
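A sketch of nonparametric CUSUM change-point detection applied to DNS traffic, added here as an illustration and not taken from the paper. The abstract does not say which statistic the authors monitor, so the observable (the normalized excess of responses over queries per interval at a resolver), the `offset` and `threshold` values, and the sample intervals are all assumptions.

```python
# Nonparametric CUSUM: y_n = max(0, y_{n-1} + x_n - a); alarm when y_n > N.
# x_n must have a negative mean (after subtracting a) under normal traffic,
# so y_n stays near zero until a sustained upward shift occurs.

def cusum_detect(intervals, offset=0.2, threshold=1.0):
    """Return (index of first alarm or None, trace of y_n).

    intervals: list of (queries_sent, responses_received) per time slot.
    offset:    a, upper bound on the normal mean of x_n (assumed value).
    threshold: N, alarm level; higher means fewer false alarms, more delay.
    """
    y, trace, alarm = 0.0, [], None
    for n, (queries, responses) in enumerate(intervals):
        # Assumed observable: excess responses relative to queries sent.
        x = (responses - queries) / max(queries, 1)
        y = max(0.0, y + x - offset)
        trace.append(round(y, 3))
        if alarm is None and y > threshold:
            alarm = n
    return alarm, trace

# Constructed sample data: normal traffic with one short benign burst.
NORMAL = [(1000, 990), (1020, 1015), (980, 1000),
          (1000, 1500), (1010, 1005), (990, 985)]
# Constructed sample data: the same traffic followed by a sustained
# surplus of responses, as a flood of forged answers would produce.
ATTACK = NORMAL + [(1000, 1600)] * 4

if __name__ == "__main__":
    for name, data in (("normal", NORMAL), ("attack", ATTACK)):
        alarm, trace = cusum_detect(data)
        print(name, "alarm at interval:", alarm, "y_n:", trace)
    # A lower threshold reacts faster but flags the benign burst.
    print("threshold=0.25 on normal:", cusum_detect(NORMAL, threshold=0.25)[0])
```

The single-interval burst raises y_n but decays before reaching the threshold, while the sustained shift accumulates and raises the alarm; lowering the threshold shortens detection delay at the cost of a false alarm on the burst.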
LV Zhuo (吕卓), FAN Lei (范磊). Detection of Domain Name System Cache Attack Based on Cumulative Sum Algorithm[J]. Computer Engineering (计算机工程), 2011, 37(18): 118-120.