
Design and Implementation of a Cloud-Platform-Based DNS Performance State Prediction and Attack Detection System

Published: 2018-10-24 14:19
[Abstract]: With the rapid development of networks, DNS is core infrastructure for network services, and its normal operation underpins Internet services. From a security standpoint, however, DNS has had shortcomings since its original design: data exchanged by DNS servers is not encrypted, the communicating parties have no effective authentication mechanism, and data integrity is not guaranteed. These shortcomings make DNS fragile and, given its important role in network services, an easy target for attackers. Measuring, predicting and monitoring DNS is therefore necessary.

This thesis first describes the DNS protocol and the flaws in its original design. Because DNS lacked the necessary security mechanisms at the outset, and because system scale keeps growing and human configuration faults are frequent, DNS carries many security risks. The DNS protocol has evolved in recent years: DNSSEC is a security extension to DNS, designed as a mechanism to address DNS spoofing and cache pollution. It does not encrypt data, but it provides data origin authentication and data integrity verification. The thesis then introduces several common DNS attacks: DNS spoofing, DNS cache poisoning, DDoS attacks, DNS redirection, and local hijacking through the machine's hosts file. Finally, in response to these security problems, it introduces several DNS attack detection methods; information entropy and time series analysis are both commonly used and effective methods in DNS attack detection.

The main work of this thesis is as follows:

1. It introduces regression prediction and outlines how several regression algorithms are implemented: linear regression, locally weighted regression, ridge regression, and forward stepwise regression. Linear regression was chosen by comparison. Through experiments, and using squared error and the correlation coefficient as the two evaluation metrics, DNS resolution time with improved dimensionality reduction (province and ISP fixed) was finally selected as the feature for the prediction algorithm, and the design of the regression prediction scheme is given.

2. It designs and implements a cloud-platform-based DNS performance state prediction and attack detection system (the "DNS measurement and prediction system" for short). The overall architecture is divided into an application layer, a cloud platform, a data layer, and a data analysis and presentation layer. Four functions of the DNS measurement and prediction system are designed and implemented: (1) measuring a website's DNS resolution time; (2) comparing DNS resolution performance across ISPs within a specified province; (3) comparing DNS resolution performance across provinces for a specified ISP; (4) predicting the trend of a website's DNS resolution time. The detailed design and implementation of the system are completed.

3. It builds, deploys and debugs the DNS measurement and prediction system and runs functional tests on the four functions listed above. All functions met design expectations, which shows that the system's prediction scheme, design and implementation are feasible. Finally, some suggestions for DNS attack detection are given.

Through this work, we provide a DNS measurement and prediction system for evaluating and predicting DNS service performance, giving enterprises and users a practical basis for selecting DNS servers and providing a real and effective basis for improving the service quality of domestic DNS servers.
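[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree conferred]: 2017
[Classification number]: TP393.08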

