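Implementation of a DNS Traffic Collection System and Traffic Analysis
Published: 2018-05-15 06:00
Topic of this paper: Internet + DNS; Reference: Beijing University of Posts and Telecommunications, 2017 master's thesis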
[Abstract]: As networks permeate every aspect of people's lives, the data generated on them has grown explosively, and we have quietly entered the era of big data. This era brings both opportunities and challenges. How to mine valuable information from massive data to guide the development of enterprises, and even countries, is a subject that needs in-depth study. Today's networks carry many kinds of traffic, including call information from traditional communications, online video, audio and so on, and each category merits in-depth study. This work focuses on DNS traffic, which is fundamental to the network. The DNS protocol is used by almost every network application, so studying and analyzing DNS traffic is of great significance. The thesis first discusses the background and significance of DNS traffic collection and analysis, then describes in detail the DNS domain name space, the resolution process and the message format, laying the foundation for the design and implementation of the traffic collection system. It also introduces the distributed processing platform Spark, explaining its design principles and workflow in detail, which provides a reliable platform for the subsequent traffic analysis and processing. The work is presented in three parts. First, a DNS collection system is designed and implemented: after describing the deployment environment and basic architecture of the collection system, the thesis details how the DNS sub-module implements message processing and matching logic. Second, normal DNS traffic is analyzed, with traffic drawn mainly from a campus network and a backbone network. On the campus network, the distribution of traffic is analyzed along two dimensions, users and servers. On the backbone network, the service quality of popular servers is evaluated in terms of success rate and service latency. Third, for the analysis of anomalous DNS traffic, a malicious domain name discovery system is designed: using a classification approach, a classification model is built covering sample collection, feature extraction and classifier selection, and the performance of the model is evaluated. The work uses DNS traffic from real networks and studies it from several angles through analysis and mining; the study of anomalous traffic in particular is of great significance to network security.
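[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.06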
Article ID: 1891258
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1891258.html