CN105871891A - DNS privacy leakage risk assessment method and system - Google Patents

Abstract

The invention discloses a DNS privacy leakage risk assessment method and system. The method comprises the steps that 1, a to-be-assessed user or user group u is selected, and corresponding multiple privacy leakage risks are selected for the user or user group u; 2, for each privacy leakage risk, a privacy leakage risk value Risk[i] of the privacy leakage risk is calculated according to related data of the privacy leakage risk; 3, an overall DNS privacy leakage risk RISK of the user or user group u is calculated according to the privacy leakage risk degree alpha[i], the privacy invasion difficulty level beta[i] and the privacy leakage risk value Risk[i] of the user or user group u for each privacy leakage risk; 4, the DNS privacy leakage degree of the user or user group u is determined according to the overall DNS privacy leakage risk RISK. According to the DNS privacy leakage risk assessment method and system, quantitative evaluation on the DNS privacy leakage risk can be achieved, and therefore pertinent protective measures can be adopted for the user u conveniently.

Description

A kind of DNS privacy leakage methods of risk assessment and system

Technical field

The present invention relates to a kind of DNS privacy leakage methods of risk assessment and system, belong to technical field of the computer network.

Background technology

Domain name system (DNS) is infrastructure the most key on internet.For Internet user, it is all of Network behavior nearly all needs found by DNS and position corresponding Internet resources.Therefore, DNS itself is containing abundant pass Sensitive data in the internet access behavior of user.But, DNS, at the beginning of design, does not consider that the most potential privacy is let out Divulge a secret danger, cause the privacy leakage event being currently based on DNS again and again to occur.

According to existing DNS Protocol, the resolving of the DNS query request that user side is initiated is as shown in Figure 1.First, use The request of this DNS query is mail to recursion server set in advance (step by family end (DNS resolver of user side specifically) Rapid 1)；After recursion server receives this request, first check for whether local cache exists corresponding resource record, if existing, This record directly returns to user's (step 5), and otherwise the request of this DNS query can be issued authority at different levels by recursion server successively Server (step 2-4), until obtaining the authoritative response asked about this DNS query.Finally, recursion server should by this authority Answer loading caching, and return to user's (step 5).

By above-mentioned resolving it is found that each DNS query for user is asked, it is required for passing through recursion service Device receives corresponding response message, and in other words, recursion server is able to record that all DNS query solicited messages of user； Same, each DNS query sent for user is asked, and recursion server (not considering caching factor) is required for being forwarded To authoritative servers at different levels to obtain corresponding authority response, in other words, authoritative servers at different levels also are able to obtain accordingly Substantial amounts of DNS query solicited message.Therefore, recursion server and authoritative server at different levels can grasp DNS query easily Solicited message, therefrom realizes pry and the mining analysis of user privacy information.On the other hand, due to the request analysis of current DNS Process is substantially plaintext transmission based on udp protocol, and this also causes the whole DNS request resolving can be easily by third party Implement network monitoring based on communication link (i.e. link 1～5 in Fig. 1).

Therefore, DNS connects the only way which must be passed of internet as user, wherein there is great privacy leakage risk.So And, the most still lack relevant technological means and method realizes the DNS privacy leakage risk that faced certain user Objective evaluation.

Summary of the invention

For above-mentioned situation, it is desirable to provide a kind of DNS privacy leakage methods of risk assessment and system, realize with this The quantitative evaluation of the DNS privacy leakage risk that user is faced.Owing to different user'ss (or customer group) can select to use not Same recursion server (usage frequency also differs)；Meanwhile, the set of domains that different user'ss (or customer group) is accessed is also Can difference (including the visiting frequency of each domain name).The privacy that above-mentioned situation causes different user'ss (or customer group) to be faced is let out Divulge a secret and actually exist difference by inches.Every kind of privacy leakage risk can be grasped to this user (or customer group) by this difference Threat degree, thus contribute in the future taking safeguard measure targetedly.

The technical scheme is that

A kind of DNS privacy leakage methods of risk assessment, the steps include:

1) choose user to be assessed or customer group u, and choose some privacies of correspondence for this user or customer group u Disclosure risk；

2) for each privacy leakage risk, according to this privacy leakage wind of correlation data calculation with this privacy leakage risk Privacy leakage value-at-risk Rsik of danger_i；

3) according to each privacy leakage risk for privacy leakage degree α of this user or customer group u_i, for this user Or privacy violation complexity β of customer group u_iAnd this privacy leakage value-at-risk Rsik_iCalculate the total of this user or customer group u Body DNS privacy leakage risk RISK；

4) the DNS privacy leakage degree of this user or customer group u is determined according to this overall DNS privacy leakage risk RISK.

Further, described privacy leakage risk includes: the privacy from recursion server spies upon risk, this user or use The monitoring risk of the communication link between family group u and recursion server, privacy from authoritative server spy upon risk.

Further, the method for overall DNS privacy leakage risk RISK calculating this user or customer group u is: first root According to this privacy leakage degree α_i, privacy violation complexity β_iCreate a Hazard ratio relatively matrix A, the element of this matrix AThen weight factor weight of each privacy leakage risk is calculated according to this matrix A_i, then according to privacy Disclosure risk value Rsik_iAnd weight_iIt is calculated this overall DNS privacy leakage risk RISK.

Further, according to formulaCalculate each privacy leakage value-at-risk Rsik_iPower Repeated factor weight_i；Wherein, N is the number of privacy leakage risk.

Further, the privacy from recursion server spies upon the privacy leakage value-at-risk of riskThe monitoring risk of the communication link between this user or customer group u and recursion server Privacy leakage value-at-riskWherein, freq_rec_iFor this user or user Group u is to recursion server rec_iUsage frequency, prob_rec_iFor recursion server rec_iCan be real to this user or customer group u The probability of existing privacy pry, 1≤i≤n, n are the recursion server sum that this user or customer group u select use；prob_ link_rec_iThe probability of the privacy pry of this user or customer group u it is capable of for communication link.

Further, the privacy from authoritative server spies upon the privacy leakage value-at-risk of riskWherein, freq_aut_iFor this user or customer group u to authoritative server aut_i's Usage frequency, prob_aut_iFor authoritative server this user or customer group u can be realized privacy pry probability, 1≤i≤ M, m are the authoritative server number that this user or customer group u access domain name place.

A kind of DNS privacy leakage risk evaluating system, it is characterised in that include privacy leakage risk aggregate, privacy leakage Risk quantification module, privacy leakage Risk rated ratio distribution module and privacy leakage Risk Calculation module；Wherein,

Privacy leakage risk aggregate, for storing user to be assessed or some privacy leakage wind corresponding to customer group u Danger；

Privacy leakage risk quantification module, for for each privacy leakage risk, according to this privacy leakage risk Privacy leakage value-at-risk Rsik of this privacy leakage risk of correlation data calculation_i；

Privacy leakage Risk rated ratio distribution module, is used for according to each privacy leakage risk for this user or customer group u Privacy leakage degree α_i, for privacy violation complexity β of this user or customer group u_iCalculate each privacy leakage risk Weight factor weight_i；

Privacy leakage Risk Calculation module, for according to privacy leakage value-at-risk Rsik_iAnd weight factor weight_iMeter Calculate overall DNS privacy leakage risk RISK of this user or customer group u；And it is true according to this overall DNS privacy leakage risk RISK This user fixed or the DNS privacy leakage degree of customer group u.

Compared with prior art, the positive effect of the present invention is:

The present invention is based on classification, quantization and the weight assigning process to DNS privacy leakage risk, and it is hidden finally to realize DNS The quantitatively evaluating of private disclosure risk.The quantitatively evaluating of the DNS privacy leakage risk that the present invention is realized can be used towards specific Family or customer group.

Accompanying drawing explanation

Fig. 1 is DNS query request analysis flow chart；

Fig. 2 is the method flow diagram of the present invention.

Detailed description of the invention

Below in conjunction with the accompanying drawings the present invention is explained in further detail:

The method flow of the present invention is as in figure 2 it is shown, first the privacy leakage risk of current DNS is divided into three kinds by the present invention.

Risk₁: the privacy from recursion server spies upon risk；

Risk₂: the monitoring risk of the communication link between this user and recursion server；

Risk₃: the privacy from authoritative server spies upon risk.

It is seen that, for certain specific user or customer group u, the DNS privacy leakage risk journey that it is faced The height of degree, the recursion server used with u and domain name access situation are closely related.Specifically, if u takes for certain recurrence Business device rec_iUse frequency the highest, then u can be by rec_iThe risk carrying out privacy pry is the biggest, and u and rec_iBetween The risk that communication link is monitored is the highest；Same, if authoritative server (such as certain root clothes that u is to certain domain name place Business device root_i, or certain top server tld_i, or certain secondary server sld_i) visiting frequency the highest, then u is by these The risk that authoritative server carries out privacy pry is the biggest, and u passes through rec simultaneously_iAnd the communication link between these authoritative servers Monitored risk is the highest.

With Risk₁As a example by, it is assumed that u is to certain recursion server rec_iThe usage frequency of (1≤i≤n) is freq_rec_i, and rec_iThe probability that u can realize privacy pry is prob_rec_i(this value is defaulted as 1), then what u was faced takes from recurrence Business device Rec={rec₁,rec₂,…rec_nPrivacy pry risk be:

${\mathrm{Risk}}_1=\underset{i=1}{\overset{n}{\mathrm{\Σ}}}freq\_{\mathrm{rec}}_i*prob\_{\mathrm{rec}}_i$

Wherein, freq_rec_i(1≤i≤n) can be by u to recursion server rec_iDNS query data on flows obtain, Such as carry out this DNS query data on flows periodically gathering and sampling statistics draws；rec_iU can be realized privacy pry Probability p rob_rec_iThe default value of (1≤i≤n) is 1 (i.e. this recursion server is capable of the privacy pry of u), can basis rec_iThe credit worthiness of self, u are to rec_iDegree of belief (such as higher to the degree of belief of local recursion server, recurrence overseas is taken The degree of belief of business device is relatively low etc.) etc. combined factors calculate.

Equally, for Risk₂, it is assumed that u and certain recursion server rec_iLink between (1≤i≤n) can be real by third party The probability executing monitoring is prob_link_rec_i(this value is defaulted as 1), then the Risk that u is faced₂For:

${\mathrm{Risk}}_2={\mathrm{\Σ}}_{i=1}^{n}freq\_{\mathrm{rec}}_i*prob\_link\_{\mathrm{rec}}_i$

Wherein, prob_link_rec_iThe default value of (1≤i≤n) is 1 (i.e. this link is capable of the privacy pry of u), Can calculate according to combined factors such as the hop counts of this link.

For Risk₃, it is assumed that u is to certain authoritative server aut_iThe visiting frequency of (1≤i≤m) is freq_aut_i, and aut_i The probability that u can realize privacy pry is prob_aut_i(this value is defaulted as 1), then u faced from authoritative server Aut={aut₁,aut₂,…aut_mPrivacy pry risk be:

${\mathrm{Risk}}_3=\underset{i=1}{\overset{m}{\mathrm{\Σ}}}freq\_{\mathrm{aut}}_i*prob\_{\mathrm{aut}}_i.$

Wherein, freq_aut_i(1≤i≤m) can be by u to authoritative server aut_iDNS query data on flows carry out Periodically gather and sampling statistics draws；prob_aut_iThe default value of (1≤i≤m) is that 1 (i.e. this authoritative server is capable of The privacy pry of u), can be according to aut_iThe credit worthiness of self, u are to aut_iDegree of belief (such as to main flow TLDs such as .com/.cn Authoritative domain name degree of belief under one's name is higher, relatively low etc. to the authoritative domain name degree of belief under other non-mainstream TLDs) etc. factor COMPREHENSIVE CALCULATING draws.Overall DNS privacy leakage risk RISK that thus u is faced:

$RISK={\mathrm{\Σ}}_{i=1}^N{\mathrm{Risk}}_i*{\mathrm{weight}}_i.$

Wherein, weight_i(1≤i≤3) are respectively each risk above-mentioned in DNS privacy leakage risk overall assessment Weight factor in journey.For weight_iCalculating process, can by consider Risk_iTwo different aspects finally calculate Go out.That is:

Risk_iLeakage order of severity α for privacy of user_i

Risk_iInfringement complexity β for privacy of user_i

Thus drawing final Hazard ratio relatively matrix A (i j), this matrix is by element a_ijComposition, represents risk Risk_iRelatively In risk Risk_jSignificance level:

$A=\left(\begin{array}{cc}{a}_{11}& a_{1N}\\ a_{N1}& a_{NN}\end{array}\right)$

Wherein,Obviously, as i=j, a_ij=1；On the contrary,According to above-mentioned matrix A (i J), every kind of risk Risk can be calculated_iWeight factor weight_iThe number of privacy leakage risk (1≤i≤N, the N are):

${\mathrm{weight}}_i=\frac{1}{N}\underset{j=1}{\overset{N}{\mathrm{\Σ}}}\frac{a_{ij}}{{\mathrm{\Σ}}_{i=1}^N{a}_{ij}}$

Finally according to above-mentioned RISK computing formula, the final quantization of the overall DNS privacy leakage risk that u faced can be drawn Assessment result.

Embodiment:

Accordingly, to set above-mentioned three kinds of DNS privacy leakage risks serious for the leakage of privacy of user for the present invention Degree and the infringement complexity for privacy of user be:

	Risk1	Risk2	Risk3
				αi	1	2/3	1/2
βi	1	2/3	1

Thus drawing final risk comparator matrix, this matrix is by element a_ijComposition, represents risk Risk_iRelative to risk Risk_jSignificance level:

$A=\left(\begin{array}{ccc}1& 9/4& 2\\ 4/9& 1& 8/9\\ 1/2& 9/8& 1\end{array}\right)$

According to above-mentioned matrix, every kind of risk Risk can be calculated_iWeight factor weight_i(1≤i≤3):

${\mathrm{weight}}_i=\frac{1}{3}\underset{j=1}{\overset{3}{\mathrm{\Σ}}}\frac{a_{ij}}{{\mathrm{\Σ}}_{i=1}^3{a}_{ij}}=\left(\begin{array}{c}0.4\\ 0.3\\ 0.2\end{array}\right)$

Then according to Risk_iComputing formula, set the value drawing every kind of DNS privacy leakage risk as:

${\mathrm{Risk}}_i=\left(\begin{array}{c}0.2\\ 0.4\\ 0.8\end{array}\right)$

Finally, draw overall DNS privacy leakage risk RISK that u is faced, thus finally achieve and user is faced The quantitative evaluation of DNS privacy leakage risk.

$RISK={\mathrm{\Σ}}_{i=1}^3{\mathrm{Risk}}_i*{\mathrm{weight}}_i=\mathrm{0.36.}$

Claims (10)

1. a DNS privacy leakage methods of risk assessment, the steps include:

1) choose user to be assessed or customer group u, and choose some privacy leakage of correspondence for this user or customer group u Risk；

2) for each privacy leakage risk, according to this privacy leakage risk of correlation data calculation of this privacy leakage risk Privacy leakage value-at-risk Rsik_i；

3) according to each privacy leakage risk for privacy leakage degree α of this user or customer group u_i, for this user or user Privacy violation complexity β of group u_iAnd this privacy leakage value-at-risk Rsik_iThe overall DNS calculating this user or customer group u is hidden Private disclosure risk RISK；

4) the DNS privacy leakage degree of this user or customer group u is determined according to this overall DNS privacy leakage risk RISK.

2. the method for claim 1, it is characterised in that described privacy leakage risk includes: from recursion server Privacy spies upon the monitoring risk of the communication link between risk, this user or customer group u and recursion server, from authoritative server Privacy pry risk.

3. method as claimed in claim 2, it is characterised in that calculate the overall DNS privacy leakage wind of this user or customer group u The method of danger RISK is: first according to this privacy leakage degree α_i, privacy violation complexity β_iCreate a Hazard ratio relatively matrix A, The element of this matrix AThen the weight factor of each privacy leakage risk is calculated according to this matrix A weight_i, then according to privacy leakage value-at-risk Rsik_iAnd weight_iIt is calculated this overall DNS privacy leakage risk RISK.

4. method as claimed in claim 3, it is characterised in that according to formulaCalculate each Privacy leakage value-at-risk Rsik_iWeight factor weight_i；Wherein, N is the number of privacy leakage risk.

5. method as claimed in claim 2, it is characterised in that the privacy from recursion server spies upon the privacy leakage of risk Risk

ValueThe prison of the communication link between this user or customer group u and recursion server Listen

The privacy leakage value-at-risk of riskWherein, freq_rec_iFor this use Family or customer group u are to recursion server rec_iUsage frequency, prob_rec_iFor recursion server rec_iCan to this user or Customer group u realizes the probability of privacy pry, and 1≤i≤n, n are the recursion server sum that this user or customer group u select use； prob_link_rec_iThe probability of the privacy pry of this user or customer group u it is capable of for communication link.

6. method as claimed in claim 2, it is characterised in that the privacy from authoritative server spies upon the privacy leakage of risk Value-at-riskWherein, freq_aut_iFor this user or customer group u to authoritative server aut_iUsage frequency, prob_aut_iFor authoritative server this user or customer group u can be realized privacy pry probability, 1 ≤ i≤m, m are the authoritative server number that this user or customer group u access domain name place.

7. a DNS privacy leakage risk evaluating system, it is characterised in that include privacy leakage risk aggregate, privacy leakage wind Danger quantization modules, privacy leakage Risk rated ratio distribution module and privacy leakage Risk Calculation module；Wherein,

Privacy leakage risk aggregate, for storing user to be assessed or some privacy leakage risks corresponding to customer group u；

Privacy leakage risk quantification module, for for each privacy leakage risk, according to relevant to this privacy leakage risk Data calculate privacy leakage value-at-risk Rsik of this privacy leakage risk_i；

Privacy leakage Risk rated ratio distribution module, for according to hidden for this user or customer group u of each privacy leakage risk Private leak degree α_i, for privacy violation complexity β of this user or customer group u_iCalculate the power of each privacy leakage risk Repeated factor weight_i；

Privacy leakage Risk Calculation module, for according to privacy leakage value-at-risk Rsik_iAnd weight factor weight_iCalculating should User or overall DNS privacy leakage risk RISK of customer group u；And determine this according to this overall DNS privacy leakage risk RISK The DNS privacy leakage degree of user or customer group u.

8. system as claimed in claim 7, it is characterised in that described privacy leakage Risk rated ratio distribution module is according to this privacy Leak degree α_i, privacy violation complexity β_iCreate a Hazard ratio relatively matrix A, the element of this matrix AThen root Weight factor weight of each privacy leakage risk is calculated according to this matrix A_i；Described privacy leakage Risk rated ratio distribution module According to formulaCalculate each privacy leakage value-at-risk Rsik_iWeight factor weight_i；Its In, N is the number of privacy leakage risk.

9. system as claimed in claim 7 or 8, it is characterised in that described privacy leakage risk includes: from recursion server Privacy pry risk, the monitoring risk of communication link between this user or customer group u and recursion server, service from authority The privacy pry risk of device.

10. system as claimed in claim 9, it is characterised in that the privacy from recursion server is spied upon the privacy of risk and let out Dew value-at-riskCommunication link between this user or customer group u and recursion server Monitor the privacy leakage value-at-risk of riskWherein, freq_rec_iFor this use Family or customer group u are to recursion server rec_iUsage frequency, prob_rec_iFor recursion server rec_iCan to this user or Customer group u realizes the probability of privacy pry, and 1≤i≤n, n are the recursion server sum that this user or customer group u select use； prob_link_rec_iThe probability of the privacy pry of this user or customer group u it is capable of for communication link；Service from authority The privacy leakage value-at-risk of the privacy pry risk of devicefreq_aut_iFor this user Or customer group u is to authoritative server aut_iUsage frequency, prob_aut_iCan be to this user or customer group u for authoritative server Realizing the probability of privacy pry, 1≤i≤m, m are the authoritative server number that this user or customer group u access domain name place.