CN110572401A - Ranking statistical method, device, system and medium based on DNS over HTTPS - Google Patents

Ranking statistical method, device, system and medium based on DNS over HTTPS Download PDF

Info

Publication number
CN110572401A
CN110572401A CN201910856171.7A CN201910856171A CN110572401A CN 110572401 A CN110572401 A CN 110572401A CN 201910856171 A CN201910856171 A CN 201910856171A CN 110572401 A CN110572401 A CN 110572401A
Authority
CN
China
Prior art keywords
domain name
https
domain
names
library
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910856171.7A
Other languages
Chinese (zh)
Inventor
黄友俊
李星
吴建平
黄海燕
郝健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CERNET Corp
Original Assignee
CERNET Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CERNET Corp filed Critical CERNET Corp
Priority to CN201910856171.7A priority Critical patent/CN110572401A/en
Publication of CN110572401A publication Critical patent/CN110572401A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Debugging And Monitoring (AREA)

Abstract

the disclosure provides a ranking statistical method based on DNS over HTTPS. The method comprises the following steps: acquiring more than one https domain name to be queried, wherein each https domain name corresponds to a corresponding domain name system; extracting HTTPS domain names corresponding to domain name systems without domain name system security extension and DNS over HTTPS to a first domain name library; classifying and sequencing the https domain names in the first domain name library according to the access times; and storing the sorted https domain names into a second domain name library. The disclosure also provides a device, a system and a medium for ranking statistics based on DNS over HTTPS.

Description

Ranking statistical method, device, system and medium based on DNS over HTTPS
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method, an apparatus, a system, and a medium for ranking statistics based on DNS over HTTPS.
Background
DNS-over-HTTPS is a security protocol that enforces the use of hypertext transfer security protocol (HTTPS) for all links associated with Domain Name System (DNS) servers. The DNS-over-HTTPS is essentially a DNS request interaction for encrypting a message based on HTTPS. Different from the traditional safety extension standard of the DNS, the DNS-over-HTTPS focuses more on the encryption of DNS interactive messages. Therefore, the domain name statistical ranking of the DNS-over-HTTPS encryption protocol has important significance for cloud network end integrated security such as artificial intelligence security, big data security, Internet of things security and the like in the next step.
Disclosure of Invention
in view of this, the present disclosure provides a ranking statistical method, device, system, and medium based on the NDSover HTTPS, which may extract an HTTPS domain name corresponding to a domain name system where a domain name system security extension and a DNS over HTTPS are not deployed, and monitor an IP address corresponding to the HTTPS domain name.
In one aspect of the disclosure, a method for ranking statistics based on DNS over HTTPS is provided. The method comprises the following steps: acquiring more than one https domain name to be queried, wherein each https domain name corresponds to a corresponding domain name system; extracting HTTPS domain names corresponding to domain name systems without domain name system security extension and DNS over HTTPS to a first domain name library; classifying and sequencing the https domain names in the first domain name library according to the access times; and storing the sorted https domain names into a second domain name library.
According to an embodiment of the present disclosure, the method further comprises: and monitoring the IP address corresponding to each https domain name in the second domain name library so as to repair the vulnerability of the leaked IP address when the IP address is leaked.
According to an embodiment of the present disclosure, the obtaining of more than one https domain names to be queried includes: capturing a message in a 443 port in the Internet; extracting https type messages from the messages; and analyzing the https type message to obtain the https domain name to be queried.
According to an embodiment of the present disclosure, extracting an HTTPS domain name corresponding to a domain name system where a domain name system security extension and a DNS over HTTPS are not deployed to a first domain name repository includes: calculating the security level of the HTTPS domain name corresponding to each domain name system according to whether the domain name system deploys domain name system security extension and DNS over HTTPS; and extracting the https domain name with the preset security level to the first domain name library.
According to an embodiment of the present disclosure, the calculating a security level of an HTTPS domain name corresponding to each domain name system according to whether each domain name system deploys a domain name system security extension and a DNS over HTTPS, includes: setting the security level of each https domain name as the preset value; and when the domain name system deploys domain name system security extension or DNS overHTTPS, updating the security level of the https domain name corresponding to the domain name system to be the sum of the preset value and the preset increment.
According to the embodiment of the present disclosure, the sorting the https domain names in the first domain name library according to the number of accesses includes: classifying the https domain names according to whether the https domain names in the first domain name library are the same, and performing duplicate removal processing on the same https domain names; establishing a corresponding relation between the https domain name after the deduplication processing and the access times thereof, wherein the access times represent the times of the https domain name corresponding to the https domain name appearing in the first domain name library; and sequencing the https domain names after the deduplication processing according to the access times corresponding to the https domain names after the deduplication processing.
In another aspect of the present disclosure, a DNS over HTTPS-based ranking statistics apparatus is provided. The device comprises an acquisition module, an extraction module, a classification and sorting module and a storage module. The acquisition module is used for acquiring more than one https domain name to be queried, and each https domain name corresponds to a corresponding domain name system. The extracting module is used for extracting the HTTPS domain name corresponding to the domain name system without the domain name system security extension and the DNS over HTTPS to the first domain name library. The classification and sorting module is used for classifying and sorting the https domain names in the first domain name library according to the access times; the storage module is used for storing the sorted https domain names to a second domain name library.
According to an embodiment of the present disclosure, the apparatus further comprises: and the monitoring module is used for monitoring the IP address corresponding to each https domain name in the second domain name library so as to repair the leak of the IP address when the IP address is leaked.
in another aspect of the present disclosure, a DNS over HTTPS-based ranking statistics system is provided, including: a memory; a processor running a program to perform the method as described above.
In another aspect of the present disclosure, a computer-readable storage medium is provided, having executable instructions stored thereon, which when executed by a processor, cause the processor to perform the method as described above.
According to the embodiment of the disclosure, the HTTPS domain name corresponding to the domain name system without domain name system security extension and DNS over HTTPS can be extracted, and the IP address corresponding to the HTTPS domain name is monitored, so that if the IP address is revealed, the vulnerability of the revealed IP address is repaired.
drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates a flow diagram of a DNS over HTTPS based ranking statistics method according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow diagram of domain name extraction in a DNS over HTTPS based ranking statistics method according to an embodiment of the disclosure;
FIG. 3 schematically illustrates a flow diagram of domain name security level calculation in a DNS over HTTPS based ranking statistics method according to an embodiment of the disclosure;
FIG. 4 schematically illustrates a flow diagram of domain name sorting in a DNS over HTTPS based ranking statistics method according to an embodiment of the disclosure;
FIG. 5 schematically illustrates a block diagram of a DNS over HTTPS based ranking statistics apparatus according to an embodiment of the present disclosure; and
fig. 6 schematically illustrates a block diagram of an electronic device adapted to implement a DNS over HTTPS-based ranking statistics method according to an embodiment of the present disclosure.
Detailed Description
hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
The embodiment of the disclosure provides a ranking statistical method, a device, a system and a medium based on DNS over HTTPS. The ranking statistical method based on the DNS over HTTPS comprises the steps of obtaining more than one HTTPS domain name to be inquired, wherein each HTTPS domain name corresponds to a corresponding domain name system; extracting HTTPS domain names corresponding to domain name systems without domain name system security extension and DNS over HTTPS to a first domain name library; classifying and sequencing the https domain names in the first domain name library according to the access times; and storing the sorted https domain names into a second domain name library. In this way, full life cycle management can be performed on the IP addresses and vulnerabilities corresponding to the domain name system without domain name system security extensions and DNS over HTTPS deployed.
fig. 1 schematically shows a flow diagram of a DNS over HTTPS-based ranking statistics method according to an embodiment of the present disclosure.
referring to fig. 1, and in conjunction with fig. 2-4, the method of fig. 1, which includes operations S110-S140, will be described in detail.
In operation S110, more than one https domain name to be queried is obtained, where each https domain name corresponds to a corresponding domain name system.
According to the embodiment of the disclosure, acquiring more than one https domain names to be queried includes: capturing messages in a 443 port in the internet, extracting https type messages from the captured messages, and analyzing the https type messages to obtain more than one https domain names to be queried. 443 port is a web browsing port, primarily used for HTTPS services, providing encryption and another HTTP over a secure port. Further, for example, using Fiddler to capture a first packet from a browser, performing a multi-browser test on the captured data packet, extracting a data packet with a processing result of http or https from the captured data packet according to a test result, and analyzing the extracted data packet to obtain an https domain name of each data packet. Fiddler is an http protocol debugging agent tool which can record and check http communication between all terminals and the Internet, set breakpoints and check all Fiddler data in and out.
In operation S120, the HTTPS domain name corresponding to the domain name system without the deployment of the domain name system security extension and the DNS over HTTPS is extracted to the first domain name repository. Domain Name System Security Extensions (DNSSE) are a group of Internet engineering tasks that ensure that a particular type of information specification is used in an Internet protocol network provided by a Domain Name System. The DNS over HTTPS can convert the DNS analysis request into an encryption protocol for transmission, thereby avoiding domain name hijacking and other operations. Therefore, the HTTPS domain name corresponding to the domain name system security extension of DNS over HTTPS is easily hijacked.
in operation S130, the https domain names in the first domain name repository are sorted by access number. Specifically, the first domain name library includes a large number of https domain names, and the same https domain names may exist, so that the same https domain names need to be divided into a group, and the number of https domain names in each group is the number of times of access to the https domain names in the group. It will be appreciated that https domain names, which are accessed more often, are more popular with users. Further, the grouped https domain names are sorted, for example, from high to low by the number of accesses to the https domain name in each group, as shown in table 1.
TABLE 1
https domain name Number of accesses
https://www.baidu.com/ 1000
http://www.soopat.com/ 500
https://www.kugou.com/ 270
In operation S140, the sorted and ordered https domain names are stored in the second domain name repository. According to the embodiment of the disclosure, the domain names which are easy to hijack are sequentially stored in the second domain name library according to the popularity degree of the user, so that the IPv6 address data are prepared for the next cloud integrated security such as artificial intelligence security, big data security, Internet of things security and the like.
according to an embodiment of the present disclosure, after operation S140, the DNS over HTTPS-based ranking statistics method further includes: and monitoring the IP address corresponding to each https domain name in the second domain name library so as to repair the leak revealing the IP address when the IP address is revealed, thereby realizing the full-life-cycle management of the IP address and the leak.
Fig. 2 schematically shows a flowchart of domain name extraction in a DNS over HTTPS-based ranking statistics method according to an embodiment of the present disclosure.
As shown in fig. 2, according to an embodiment of the present disclosure, extracting the HTTPS domain name corresponding to the domain name system where the domain name system security extension and the DNS over HTTPS are not deployed to the first domain name repository in operation S120 may include operation S121-operation S122.
In operation S121, the security level of the HTTPS domain name corresponding to the domain name system is calculated according to whether each domain name system deploys the domain name system security extension and the DNS over HTTPS. Specifically, for example, the security level of the HTTPS domain name corresponding to the domain name system deploying the domain name system security extension and the dnSover HTTPS is set to a preset value, and the preset value is, for example, an initial security level (for example, a constant value of 0).
In operation S122, the https domain name with the security level of the preset value is extracted to the first domain name repository. Specifically, for example, the https domain name whose security level is the initial security level is extracted to the first domain name repository.
Fig. 3 schematically illustrates a flow chart of domain name security level calculation in a DNS over HTTPS-based ranking statistics method according to an embodiment of the present disclosure.
as shown in fig. 3, according to an embodiment of the present disclosure, calculating the security of the HTTPS domain name corresponding to the domain name system, and the like in operation S121 according to whether each domain name system deploys the domain name system security extension and the DNS over HTTPS may include operation S121 ″ -operation S121 ″.
In operation S S121', the security level of each https domain name is set to a preset value. The preset value is, for example, an initial value of 0.
In operation S121 ″, when the domain name system deploys the domain name system security extension or the DNS over HTTPS, the security level of the HTTPS domain name corresponding to the domain name system is updated to be the sum of the preset value and the preset increment. Specifically, for example, for a certain https domain name, if a domain name system security extension is deployed in a domain name system corresponding to the https domain name, the security level of the https domain name is subjected to an addition process, if a DNS overHTTPS is deployed in the domain name system corresponding to the https domain name, the security level of the https domain name is subjected to an addition process again, and accordingly, the preset increment is 1 or 2.
fig. 4 schematically shows a flowchart of domain name sorting in a DNS over HTTPS-based ranking statistics method according to an embodiment of the present disclosure.
As shown in fig. 4, sorting the https domain names in the first domain name repository by access times in operation S130 may include operations S131-S132 according to an embodiment of the present disclosure.
In operation S131, the https domain names are classified according to whether the https domain names in the first domain name repository are the same, and deduplication processing is performed on the same https domain names. Specifically, for example, a domain name library M is newly created, an https domain name is taken out from the first domain name library, if a domain name identical to the https domain name exists in the domain name library M, the https domain name is deleted from the first domain name library, if a domain name identical to the https domain name does not exist in the domain name library M, the https domain name is deleted from the first domain name library, the https domain name is added to the domain name library M, and the above operations are repeated to process each https domain name in the first domain name library.
In operation S132, a corresponding relationship between the https domain name after the deduplication processing and the access times thereof is established, where the access times represent the times of occurrence of the https domain name corresponding thereto in the first domain name repository.
in operation S133, the https domain names after the deduplication processing are sorted according to the access times corresponding to the https domain names after the deduplication processing. Specifically, for example, the https domain names in the domain name library M are sorted in the order of the number of accesses from high to low, and the sorted https domain names are stored in the second database.
Fig. 5 schematically shows a block diagram of a DNS over HTTPS-based ranking statistics apparatus according to an embodiment of the present disclosure.
As shown in fig. 5, the DNS over HTTPS-based ranking statistics apparatus 500 includes an obtaining module 510, an extracting module 520, a sorting module 530, and a storing module 540. Apparatus 500 may be used to perform operations of the DNS over HTTPS-based ranking statistics method described in fig. 1-4.
The obtaining module 510 may execute operation S110, for example, to obtain more than one https domain names to be queried, where each https domain name corresponds to a corresponding domain name system.
The extracting module 520 may perform operation S120, for example, to extract an HTTPS domain name corresponding to a domain name system where the domain name system security extension and the DNS over HTTPS are not deployed to the first domain name repository.
The sorting module 530 may perform operation S130, for example, for sorting the https domain names in the first domain name repository by access times.
the storing module 540 may perform operation S140, for example, to store the sorted https domain names into the second domain name repository.
According to an embodiment of the present disclosure, the apparatus 500 may further include a monitoring module 550. The monitoring module 550 is configured to monitor an IP address corresponding to each https domain name in the second domain name base, so as to repair a leak revealing the IP address when the IP address is revealed, thereby implementing full-life-cycle management on the IP address and the leak.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any of the obtaining module 510, the extracting module 520, the sorting module 530, the storing module 540, and the monitoring module 550 may be combined and implemented in one module, or any one of the modules may be split into multiple modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the obtaining module 510, the extracting module 520, the sorting module 530, the storing module 540, and the monitoring module 550 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or implemented by a suitable combination of any several of them. Alternatively, at least one of the retrieving module 510, the extracting module 520, the sorting module 530, the storing module 540 and the monitoring module 550 may be at least partly implemented as a computer program module, which when executed may perform a corresponding function.
Fig. 6 schematically illustrates a block diagram of an electronic device suitable for implementing a DNS over HTTPS-based ranking statistics method according to an embodiment of the present disclosure. Fig. 6 is only an example and should not bring any limitations to the function and scope of use of the disclosed embodiments.
As shown in fig. 6, an electronic device 600 according to an embodiment of the present disclosure includes a processor 601, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. Processor 601 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 601 may also include onboard memory for caching purposes. Processor 601 may include a single processing unit or multiple processing units for performing different actions of a method flow according to embodiments of the disclosure.
In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 600 are stored. The processor 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. The processor 601 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 602 and/or RAM 603. It is to be noted that the programs may also be stored in one or more memories other than the ROM 602 and RAM 603. The processor 601 may also perform various operations of methods according to embodiments of the present disclosure by executing programs stored in the one or more memories.
Electronic device 600 may also include input/output (I/O) interface 605, input/output (I/O) interface 605 also connected to bus 604, according to an embodiment of the disclosure. The system 600 may also include one or more of the following components connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output section 608 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The driver 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is mounted in the storage section 608 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The computer program, when executed by the processor 601, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement a DNS over HTTPS-based ranking statistics method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 602 and/or RAM 603 described above and/or one or more memories other than the ROM 602 and RAM 603.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (10)

1. A ranking statistical method based on DNS over HTTPS comprises the following steps:
Acquiring more than one https domain name to be queried, wherein each https domain name corresponds to a corresponding domain name system;
Extracting HTTPS domain names corresponding to domain name systems without domain name system security extension and DNS over HTTPS to a first domain name library;
classifying and sequencing the https domain names in the first domain name library according to the access times;
And storing the sorted https domain names into a second domain name library.
2. The method of claim 1, wherein the method further comprises:
And monitoring the IP address corresponding to each https domain name in the second domain name library so as to repair the vulnerability of the leaked IP address when the IP address is leaked.
3. The method of claim 1, wherein the obtaining of more than one https domain names to be queried comprises:
capturing a message in a 443 port in the Internet;
Extracting https type messages from the messages;
and analyzing the https type message to obtain the https domain name to be queried.
4. The method of claim 1, wherein the extracting an HTTPS domain name corresponding to a domain name system without deploying a domain name system security extension and DNS over HTTPS to a first domain name repository comprises:
calculating the security level of the HTTPS domain name corresponding to each domain name system according to whether the domain name system deploys domain name system security extension and DNS over HTTPS;
And extracting the https domain name with the preset security level to the first domain name library.
5. The method of claim 4, wherein the calculating the security level of the HTTPS domain name corresponding to the domain name system according to whether each domain name system deploys a domain name system security extension and DNS over HTTPS comprises:
Setting the security level of each https domain name as the preset value;
And when the domain name system deploys domain name system security extension or DNS over HTTPS, updating the security level of the HTTPS domain name corresponding to the domain name system to be the sum of the preset value and the preset increment.
6. The method of claim 1, wherein the sorting the https domain names in the first domain name repository by access times comprises:
Classifying the https domain names according to whether the https domain names in the first domain name library are the same, and performing duplicate removal processing on the same https domain names;
Establishing a corresponding relation between the https domain name after the deduplication processing and the access times thereof, wherein the access times represent the times of the https domain name corresponding to the https domain name appearing in the first domain name library;
And sequencing the https domain names after the deduplication processing according to the access times corresponding to the https domain names after the deduplication processing.
7. A DNS over HTTPS-based ranking statistics apparatus, comprising:
The system comprises an acquisition module, a query module and a query module, wherein the acquisition module is used for acquiring more than one https domain names to be queried, and each https domain name corresponds to a corresponding domain name system;
the extracting module is used for extracting the HTTPS domain name corresponding to the domain name system without the domain name system security extension and the DNS over HTTPS to the first domain name library;
the classification and sequencing module is used for classifying and sequencing the https domain names in the first domain name library according to the access times;
And the storage module is used for storing the sorted https domain names to a second domain name library.
8. The apparatus of claim 7, wherein the apparatus further comprises:
And the monitoring module is used for monitoring the IP address corresponding to each https domain name in the second domain name library so as to repair the leak of the IP address when the IP address is leaked.
9. a DNS over HTTPS-based ranking statistics system, comprising:
a memory;
a processor running a program to perform the method of any one of claims 1 to 6.
10. a computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 6.
CN201910856171.7A 2019-09-10 2019-09-10 Ranking statistical method, device, system and medium based on DNS over HTTPS Pending CN110572401A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910856171.7A CN110572401A (en) 2019-09-10 2019-09-10 Ranking statistical method, device, system and medium based on DNS over HTTPS

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910856171.7A CN110572401A (en) 2019-09-10 2019-09-10 Ranking statistical method, device, system and medium based on DNS over HTTPS

Publications (1)

Publication Number Publication Date
CN110572401A true CN110572401A (en) 2019-12-13

Family

ID=68778881

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910856171.7A Pending CN110572401A (en) 2019-09-10 2019-09-10 Ranking statistical method, device, system and medium based on DNS over HTTPS

Country Status (1)

Country Link
CN (1) CN110572401A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113065078A (en) * 2021-03-16 2021-07-02 赛尔新技术(北京)有限公司 Statistical analysis method for simulating user behavior to dial and test multistage domain names of WEB sites

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105516053A (en) * 2014-09-22 2016-04-20 北京奇虎科技有限公司 Website security detection method and website security detection device
CN106131016A (en) * 2016-07-13 2016-11-16 北京知道创宇信息技术有限公司 Maliciously URL detection interference method, system and device
US20180018465A1 (en) * 2016-07-18 2018-01-18 vThreat, Inc. System and method for identifying network security threats and assessing network security
CN109067768A (en) * 2018-08-31 2018-12-21 赛尔网络有限公司 A kind of detection method, system, equipment and the medium of inquiry of the domain name safety

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105516053A (en) * 2014-09-22 2016-04-20 北京奇虎科技有限公司 Website security detection method and website security detection device
CN106131016A (en) * 2016-07-13 2016-11-16 北京知道创宇信息技术有限公司 Maliciously URL detection interference method, system and device
US20180018465A1 (en) * 2016-07-18 2018-01-18 vThreat, Inc. System and method for identifying network security threats and assessing network security
CN109067768A (en) * 2018-08-31 2018-12-21 赛尔网络有限公司 A kind of detection method, system, equipment and the medium of inquiry of the domain name safety

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113065078A (en) * 2021-03-16 2021-07-02 赛尔新技术(北京)有限公司 Statistical analysis method for simulating user behavior to dial and test multistage domain names of WEB sites
CN113065078B (en) * 2021-03-16 2022-11-11 赛尔新技术(北京)有限公司 Statistical analysis method for simulating user behavior to dial and test multistage domain names of WEB sites

Similar Documents

Publication Publication Date Title
CN108881294B (en) Attack source IP portrait generation method and device based on network attack behaviors
CN111522922B (en) Log information query method and device, storage medium and computer equipment
CN113489713B (en) Network attack detection method, device, equipment and storage medium
US9632899B2 (en) Method for analyzing request logs in advance to acquire path information for identifying problematic part during operation
CN111177779B (en) Database auditing method, device, electronic equipment and computer storage medium
EP3547121B1 (en) Combining device, combining method and combining program
CN105095207B (en) Retrieval, the method and apparatus for obtaining application software content
CN110929264B (en) Vulnerability detection method and device, electronic equipment and readable storage medium
CN110474900B (en) Game protocol testing method and device
US8539404B2 (en) Functional simulation redundancy reduction by state comparison and pruning
CN113168472A (en) Network security vulnerability repairing method and system based on utilization
CN111290941A (en) Method and device for testing multiple interfaces, computing equipment and medium
WO2020180531A1 (en) Rule-based system and method for detecting and identifying tampering on a result of a security analysis of source code
CN110740125A (en) method for implementing vulnerability library used for vulnerability detection of video monitoring equipment
CN105279078A (en) Method and device for detecting security hole
CN106126419A (en) The adjustment method of a kind of application program and device
CN111865997A (en) WEB vulnerability detection method, device, equipment and medium based on passive flow
CN107885634B (en) Method and device for processing abnormal information in monitoring
CN111209213A (en) Method, system, device and storage medium for detecting abnormity of application program during operation
CN110572401A (en) Ranking statistical method, device, system and medium based on DNS over HTTPS
JP2012083909A (en) Application characteristic analysis device and program
CN113765850A (en) Internet of things anomaly detection method and device, computing equipment and computer storage medium
US20230004478A1 (en) Systems and methods of continuous stack trace collection to monitor an application on a server and resolve an application incident
CN115643044A (en) Data processing method, device, server and storage medium
CN113297583B (en) Vulnerability risk analysis method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191213

RJ01 Rejection of invention patent application after publication