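1. Hangzhou Dianzi University, Hangzhou, Zhejiang 310018
2. Zhejiang Uniview Technologies Co., Ltd., Hangzhou, Zhejiang 310051
Jianwu ZHANG (1961- ), male, PhD, professor and doctoral supervisor at the School of Communication Engineering, Hangzhou Dianzi University; senior member of the Chinese Institute of Electronics and the China Institute of Communications; executive director of the Zhejiang Institute of Communications. His main research interests are mobile communications, multimedia signal processing and artificial intelligence, and communication networks and information security.
Yanjun AN (1996- ), male, master's student at the School of Communication Engineering, Hangzhou Dianzi University. His main research interests are network security and artificial intelligence.
Huangyan DENG (1987- ), female, senior engineer and director of public affairs at Zhejiang Uniview Technologies Co., Ltd. Her main research interests include artificial intelligence and the Internet of things.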
Online publication date: 2022-09
Print publication date: 2022-09-20
Jianwu ZHANG, Yanjun AN, Huangyan DENG. A survey on DNS attack detection and security protection[J]. Telecommunications Science, 2022, 38(9): 1-17. DOI: 10.11959/j.issn.1000-0801.2022248.
With the gradual evolution of the traditional Internet to "Internet+", the domain name system (DNS) has been continuously expanding from basic address resolution to new models such as comprehensive perception and reliable transmission. Because of the diverse functions and extensive coverage of DNS in these new scenarios, an attack on it can cause serious consequences. Therefore, research on DNS attack detection and security protection continues and attracts more and more attention. Firstly, several common DNS attacks were introduced, including DNS spoofing, DNS covert channels, DNS distributed denial of service (DDoS) attacks, DNS reflection amplification attacks, and malicious DGA domain names. Subsequently, the detection technologies for these attacks were systematically analyzed and summarized from the machine learning perspective. Then, DNS security protection technologies were described in detail from three aspects: DNS decentralization, DNS encryption and authentication, and DNS resolution restriction. Finally, some future research directions were proposed.