CN109889619B - Abnormal domain name monitoring method and device based on block chain

Publication number
CN109889619B
Authority
CN
China
Prior art keywords
monitoring
dns
node
domain name
block chain
Legal status
Active
Application number
CN201910080721.0A
Other languages
Chinese (zh)
Other versions
CN109889619A (en)
Inventor
张恒
曾宇
Current Assignee
China Internet Network Information Center
Original Assignee
China Internet Network Information Center
Application filed by China Internet Network Information Center
Priority to CN201910080721.0A
Publication of CN109889619A
Application granted
Publication of CN109889619B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention provides a method and a device for monitoring an abnormal domain name based on a block chain, wherein the method comprises the following steps: establishing a block chain for a DNS service monitoring network of a DNS service network; each monitoring node on the block chain acquires the abnormal domain name monitored by the local monitoring node, and sends the abnormal domain name monitored by the local monitoring node to other monitoring nodes on the block chain, so that the other monitoring nodes on the block chain acquire DNS flow monitoring data of the abnormal domain name at the local monitoring node. The abnormal domain name monitoring method and device based on the block chain provided by the embodiment of the invention do not need the management center to uniformly collect the abnormal domain names acquired by the physical nodes and then send the abnormal domain names to the physical nodes, but can enable each node to acquire the abnormal domain names monitored by other nodes through the processing mode of the block chain, thereby realizing the purpose of decentralization without intervention of the management center.

Description

Abnormal domain name monitoring method and device based on block chain
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a method and a device for monitoring an abnormal domain name based on a block chain.
Background
In computer network communication, hosts can communicate with each other through an IP network only by knowing the IP address of the communication peer. However, a 32-bit IPv4 address (or a 128-bit IPv6 address) is not easy for the communicating party to remember. Therefore, more intuitive domain names (e.g., www.google.com.hk) are widely used to address the difficulty of remembering IP addresses. However, network communication operates based on the IP protocol, and a host to be accessed cannot be found directly by a domain name. The host needs to convert the domain name entered by the user into an IP address, a process known as domain name resolution.
Domain name resolution is carried out by the Domain Name System (DNS), a distributed database for TCP/IP applications that provides translation between domain names and IP addresses. Through the domain name system, a user running an application can directly use a meaningful domain name that is convenient to remember; a DNS server in the network resolves the domain name into the correct IP address and returns it to the user's host. The domain name server is a server that stores domain names and corresponding IP addresses of all hosts in the network and has a function of converting domain names into IP addresses. In the domain name resolution process, when an application process needs to resolve a host name into an IP address, the application process becomes a client of the domain name system: it places the domain name to be resolved in a DNS request message and sends it to a domain name server, and the domain name server, after looking up the domain name, places the corresponding IP address in an answer message and returns it to the client application process. The DNS recursive server is an important device in the DNS resolution system, and responds to DNS queries initiated by end users according to the domain name address information in its cache.
When a DNS service is under a network attack, the attack usually appears as an anomaly in the traffic for DNS domain name access. By monitoring abnormal domain names in DNS traffic, DNS attack behavior can be discovered in time, so that effective measures can be taken and losses reduced to a minimum.
In existing abnormal domain name monitoring methods, a management center generally collects, in a unified way, the abnormal domain name monitoring conditions obtained by each physical node in the DNS service monitoring network, and then sends them to each physical node in the DNS service monitoring network. This processing mode is not only inefficient, but also depends on the processing of a management center.
Disclosure of Invention
Aiming at the problems in the prior art, the embodiment of the invention provides a method and a device for monitoring an abnormal domain name based on a block chain.
In a first aspect, an embodiment of the present invention provides a method for monitoring an abnormal domain name based on a block chain, including:
establishing a block chain for a DNS service monitoring network of a DNS service network; the DNS service monitoring network comprises a plurality of DNS service monitoring nodes, the DNS service monitoring nodes respectively correspond to a plurality of service nodes in the DNS service network, and each service monitoring node is used for monitoring DNS traffic data of the corresponding service node;
each monitoring node on the block chain acquires the abnormal domain name monitored by the local monitoring node, and sends the abnormal domain name monitored by the local monitoring node to other monitoring nodes on the block chain, so that the other monitoring nodes on the block chain acquire DNS flow monitoring data of the abnormal domain name at the local monitoring node.
Further, the block chain also comprises a summary node;
the summary node is used for acquiring DNS traffic monitoring data of the abnormal domain name acquired by each monitoring node on the block chain, and analyzing whether the access of the abnormal domain name in the whole DNS service network is abnormal or not according to the DNS traffic monitoring data of the abnormal domain name acquired by each monitoring node.
Furthermore, each monitoring node on the block chain is provided with a DNS traffic analyzer;
the DNS traffic analyzer analyzes DNS traffic data on a service node corresponding to the local monitoring node and generates corresponding DNS traffic ranking information;
the DNS traffic analyzer compares the traffic of N domain names with top DNS traffic ranking with a preset abnormal traffic threshold according to the DNS traffic ranking information to acquire abnormal domain names monitored on local monitoring nodes, wherein N is an integer greater than or equal to 1.
In a second aspect, an embodiment of the present invention further provides a system for monitoring an abnormal domain name based on a block chain, where the system includes: a blockchain constructed by a plurality of DNS service monitoring nodes in the DNS service monitoring network; the DNS service monitoring network corresponds to the DNS service networks one by one, the DNS service monitoring network comprises a plurality of DNS service monitoring nodes, the DNS service monitoring nodes respectively correspond to a plurality of service nodes in the DNS service network, and each service monitoring node is used for monitoring DNS traffic data of the corresponding service node;
each monitoring node on the block chain acquires the abnormal domain name monitored by the local monitoring node, and sends the abnormal domain name monitored by the local monitoring node to other monitoring nodes on the block chain, so that the other monitoring nodes on the block chain acquire DNS flow monitoring data of the abnormal domain name at the local monitoring node.
Further, the block chain also comprises a summary node;
the summary node is used for acquiring DNS traffic monitoring data of the abnormal domain name acquired by each monitoring node on the block chain, and analyzing whether the access of the abnormal domain name in the whole DNS service network is abnormal or not according to the DNS traffic monitoring data of the abnormal domain name acquired by each monitoring node.
Furthermore, each monitoring node on the block chain is provided with a DNS traffic analyzer;
the DNS traffic analyzer analyzes DNS traffic data on a service node corresponding to the local monitoring node and generates corresponding DNS traffic ranking information;
the DNS traffic analyzer compares the traffic of N domain names with top DNS traffic ranking with a preset abnormal traffic threshold according to the DNS traffic ranking information to acquire abnormal domain names monitored on local monitoring nodes, wherein N is an integer greater than or equal to 1.
In a third aspect, an embodiment of the present invention further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method for monitoring an abnormal domain name based on a blockchain according to the first aspect when executing the program.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the method for monitoring an abnormal domain name based on a blockchain according to the first aspect.
According to the technical scheme, the abnormal domain name monitoring method and device based on the block chain, provided by the embodiment of the invention, are used for establishing the block chain for the DNS service monitoring network of the DNS service network; each monitoring node on the block chain acquires the abnormal domain name monitored by the local monitoring node, and sends the abnormal domain name monitored by the local monitoring node to other monitoring nodes on the block chain, so that the other monitoring nodes on the block chain acquire DNS flow monitoring data of the abnormal domain name at the local monitoring node. It can be seen that, according to the method and device for monitoring an abnormal domain name based on a block chain provided in the embodiments of the present invention, a management center is not required to uniformly collect abnormal domain names acquired by each physical node and then issue the abnormal domain names to each physical node, but each node can acquire abnormal domain names monitored by other nodes through a block chain processing manner, so that a decentralized purpose is achieved, and intervention of the management center is not required.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of an abnormal domain name monitoring method based on a block chain according to an embodiment of the present invention;
Fig. 2 is a schematic diagram illustrating an implementation manner of an abnormal domain name monitoring method based on a block chain according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an electronic device according to yet another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Aiming at the problems in the prior art, the abnormal domain name monitoring method based on the block chain provided by the embodiment of the invention realizes decentralization based on the block chain mechanism, does not need the intervention of a management center, and automatically realizes the abnormal domain name monitoring of the whole DNS service monitoring network. The contents provided by the embodiments of the present invention will be explained in detail by specific examples.
Fig. 1 shows a flowchart of a block chain-based abnormal domain name monitoring method according to an embodiment of the present invention. As shown in fig. 1, the abnormal domain name monitoring method based on a block chain according to the embodiment of the present invention includes the following steps:
Step 101: a blockchain is established for a DNS service monitoring network of a DNS service network.
In this step, the DNS service monitoring network includes a plurality of DNS service monitoring nodes, the DNS service monitoring nodes respectively correspond to a plurality of service nodes in the DNS service network, and each service monitoring node is configured to monitor DNS traffic data of a corresponding service node.
Step 102: each monitoring node on the block chain acquires the abnormal domain name monitored by the local monitoring node, and sends the abnormal domain name monitored by the local monitoring node to other monitoring nodes on the block chain, so that the other monitoring nodes on the block chain acquire DNS flow monitoring data of the abnormal domain name at the local monitoring node.
In this step, each monitoring node on the blockchain acquires the abnormal domain name monitored by the local monitoring node, and sends the abnormal domain name monitored by the local monitoring node to other monitoring nodes on the blockchain, so that the other monitoring nodes on the blockchain acquire DNS traffic monitoring data of the abnormal domain name at the local monitoring node. Here, the other monitoring nodes on the blockchain are all other monitoring nodes except the local monitoring node on the blockchain.
For example, if the DNS service network has 3 service nodes, namely a Beijing service node, a Shanghai service node and a Guangzhou service node, the DNS service monitoring network should include 3 DNS service monitoring nodes, namely a Beijing service monitoring node, a Shanghai service monitoring node and a Guangzhou service monitoring node. After the block chain is established for the DNS service monitoring network, the block chain has 3 monitoring nodes in total: a Beijing monitoring node, a Shanghai monitoring node and a Guangzhou monitoring node. The 3 monitoring nodes each monitor in real time whether an abnormal domain name exists on the corresponding service node and, when an abnormal domain name is determined to exist, send it to the other monitoring nodes on the block chain. For example, after analysis by traffic analysis software, the Beijing monitoring node finds that the domain name test.cnnic.cn is an abnormal domain name. It then sends the abnormal domain name test.cnnic.cn to the Shanghai monitoring node and the Guangzhou monitoring node (specifically, by broadcasting on the block chain). After receiving the abnormal domain name sent by the Beijing monitoring node, the Shanghai monitoring node and the Guangzhou monitoring node each obtain the DNS traffic monitoring data of the abnormal domain name test.cnnic.cn at their local monitoring node.
According to the technical scheme, the abnormal domain name monitoring method and device based on the block chain, provided by the embodiment of the invention, are used for establishing the block chain for the DNS service monitoring network of the DNS service network; each monitoring node on the block chain acquires the abnormal domain name monitored by the local monitoring node, and sends the abnormal domain name monitored by the local monitoring node to other monitoring nodes on the block chain, so that the other monitoring nodes on the block chain acquire DNS flow monitoring data of the abnormal domain name at the local monitoring node. It can be seen that, according to the method and device for monitoring an abnormal domain name based on a block chain provided in the embodiments of the present invention, a management center is not required to uniformly collect abnormal domain names acquired by each physical node and then issue the abnormal domain names to each physical node, but each node can acquire abnormal domain names monitored by other nodes through a block chain processing manner, so that a decentralized purpose is achieved, and intervention of the management center is not required.
On the basis of the above embodiment, the block chain further includes a summary node;
the summary node is used for acquiring DNS traffic monitoring data of the abnormal domain name acquired by each monitoring node on the block chain, and analyzing whether the access of the abnormal domain name in the whole DNS service network is abnormal or not according to the DNS traffic monitoring data of the abnormal domain name acquired by each monitoring node.
In this embodiment, in order to summarize the traffic monitoring results of each monitoring node for the abnormal domain name across the entire network, a summary node is set up, and the summary node summarizes the abnormal domain name monitoring results of the entire DNS service monitoring network. The summary node may be a newly added node in addition to the monitoring nodes on the blockchain, or may be a monitoring node designated from among the monitoring nodes on the blockchain.
For example, assuming that the Beijing monitoring node finds that the domain name test.cnnic.cn is an abnormal domain name, the abnormal domain name is sent to the Shanghai monitoring node and the Guangzhou monitoring node. After receiving the abnormal domain name test.cnnic.cn, the Shanghai monitoring node and the Guangzhou monitoring node each obtain the DNS traffic monitoring data of the abnormal domain name test.cnnic.cn at their local monitoring node. The summary node determines the abnormal access condition of the abnormal domain name test.cnnic.cn in the whole DNS service monitoring network according to the DNS traffic monitoring data of the abnormal domain name test.cnnic.cn monitored by the three monitoring nodes.
On the basis of the above embodiment, referring to fig. 2, each monitoring node on the blockchain is deployed with a DNS traffic analyzer; the DNS traffic analyzer is arranged beside the router and connected with the router;
the DNS traffic analyzer is internally provided with traffic analysis software which is used for analyzing DNS traffic information on the local monitoring node and generating DNS traffic ranking information on the local monitoring node according to an analysis result;
the DNS traffic analyzer compares the traffic of the N domain names with the top DNS traffic ranking with a preset abnormal traffic threshold according to the DNS traffic ranking information to acquire the abnormal domain names monitored on the local monitoring node, wherein N is an integer greater than or equal to 1; for example, the value of N is 50 or 100.
It should be noted that the preset abnormal traffic threshold may be obtained by analyzing patterns in historical data, or may be obtained by machine learning, which is not limited in the embodiment of the present invention.
For example, the DNS traffic analyzer analyzes DNS traffic information on the local monitoring node by counting the Top100 domain names by DNS query traffic every 5 minutes. By analyzing the Top100 history data of the domain names against a preset abnormal traffic threshold, for example 10000 times per 5 minutes, it extracts the abnormal domain names among the Top100 domain names, for example, determines the abnormal domain name to be test.
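The following Python code is an added example, not code from the patent: it applies the Top-N threshold check at each monitoring node, publishes abnormal names to the other nodes, has those nodes report their local counts, and lets a summary node aggregate the per-node data. The hash-chained Ledger stands in for the block chain, and the class names, the constructed sample traffic, the use of ">=" for the threshold comparison and the min_nodes_over rule are assumptions made for illustration.

```python
import hashlib
import json
from collections import Counter

TOP_N = 100        # the page's example: Top100 domain names per window
THRESHOLD = 10000  # the page's example: 10000 times per 5-minute window
GENESIS = "0" * 64


def normalize(qname):
    """Case-fold and drop the trailing dot so equal names count together."""
    return qname.strip().rstrip(".").lower()


def block_hash(prev, record):
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()


class Ledger:
    """Stand-in for the block chain: an append-only, hash-chained list."""

    def __init__(self):
        self.blocks = []

    def append(self, record):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "record": record,
                            "hash": block_hash(prev, record)})

    def verify(self):
        """Recompute every link; False if any record was altered."""
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != block_hash(prev, b["record"]):
                return False
            prev = b["hash"]
        return True

    def records(self, window_id):
        return [b["record"] for b in self.blocks
                if b["record"]["window"] == window_id]


class MonitoringNode:
    def __init__(self, name, ledger):
        self.name, self.ledger = name, ledger
        self.window = Counter()  # domain -> queries seen in the current window

    def ingest(self, qnames):
        self.window.update(normalize(q) for q in qnames)

    def detect(self, window_id):
        """Rank local traffic, compare the Top-N with the threshold, publish."""
        abnormal = [d for d, c in self.window.most_common(TOP_N) if c >= THRESHOLD]
        for d in abnormal:
            self.ledger.append({"type": "alert", "window": window_id,
                                "node": self.name, "domain": d,
                                "count": self.window[d]})
        return abnormal

    def answer_alerts(self, window_id):
        """Publish the local count for domains that other nodes flagged."""
        recs = self.ledger.records(window_id)
        mine = {r["domain"] for r in recs if r["node"] == self.name}
        wanted = {r["domain"] for r in recs if r["type"] == "alert"} - mine
        for d in sorted(wanted):
            self.ledger.append({"type": "report", "window": window_id,
                                "node": self.name, "domain": d,
                                "count": self.window[d]})
        return sorted(wanted)


def summarize(ledger, window_id, min_nodes_over=2):
    """Summary node: merge per-node counts for every flagged domain."""
    if not ledger.verify():
        raise ValueError("ledger hash chain is broken")
    result = {}
    for r in ledger.records(window_id):
        entry = result.setdefault(r["domain"], {"per_node": {}})
        entry["per_node"][r["node"]] = r["count"]
    for entry in result.values():
        counts = entry["per_node"].values()
        entry["total"] = sum(counts)
        entry["nodes_over"] = sum(c >= THRESHOLD for c in counts)
        # Assumed rule: widespread if several nodes exceed the threshold.
        entry["widespread"] = entry["nodes_over"] >= min_nodes_over
    return result


def run_demo():
    ledger = Ledger()
    # Constructed traffic for one 5-minute window (not real measurements).
    traffic = {
        "beijing": ["test.cnnic.cn"] * 12000 + ["www.example.cn"] * 500,
        "shanghai": ["Test.CNNIC.cn."] * 300 + ["www.example.cn"] * 700,
        "guangzhou": ["test.cnnic.cn"] * 11000 + ["www.example.cn"] * 400,
    }
    nodes = [MonitoringNode(name, ledger) for name in traffic]
    for node in nodes:
        node.ingest(traffic[node.name])
    alerts = {node.name: node.detect("w1") for node in nodes}
    for node in nodes:
        node.answer_alerts("w1")
    return alerts, summarize(ledger, "w1"), ledger


if __name__ == "__main__":
    print(run_demo()[1])
```

The records here are unsigned, so any writer could publish an alert under another node's name; a deployment would need each node's records to be authenticated before the summary node trusts them.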
Another embodiment of the present invention provides a system for monitoring an abnormal domain name based on a block chain, including: a blockchain constructed by a plurality of DNS service monitoring nodes in the DNS service monitoring network; the DNS service monitoring network corresponds to the DNS service networks one by one, the DNS service monitoring network comprises a plurality of DNS service monitoring nodes, the DNS service monitoring nodes respectively correspond to a plurality of service nodes in the DNS service network, and each service monitoring node is used for monitoring DNS traffic data of the corresponding service node;
each monitoring node on the block chain acquires the abnormal domain name monitored by the local monitoring node, and sends the abnormal domain name monitored by the local monitoring node to other monitoring nodes on the block chain, so that the other monitoring nodes on the block chain acquire DNS flow monitoring data of the abnormal domain name at the local monitoring node.
Based on the above embodiment, the block chain further includes a summary node;
the summary node is used for acquiring DNS traffic monitoring data of the abnormal domain name acquired by each monitoring node on the block chain, and analyzing whether the access of the abnormal domain name in the whole DNS service network is abnormal or not according to the DNS traffic monitoring data of the abnormal domain name acquired by each monitoring node.
Based on the above embodiment, each monitoring node on the block chain is deployed with a DNS traffic analyzer;
the DNS traffic analyzer analyzes DNS traffic data on a service node corresponding to the local monitoring node and generates corresponding DNS traffic ranking information;
the DNS traffic analyzer compares the traffic of N domain names with top DNS traffic ranking with a preset abnormal traffic threshold according to the DNS traffic ranking information to acquire abnormal domain names monitored on local monitoring nodes, wherein N is an integer greater than or equal to 1.
Since the system for monitoring an abnormal domain name based on a block chain provided in this embodiment may be used to execute the method for monitoring an abnormal domain name based on a block chain described in the above embodiment, the working principle and the beneficial effect are similar, so detailed descriptions are omitted here, and specific contents may refer to the description of the above embodiment.
Based on the same inventive concept, another embodiment of the present invention provides an electronic device, which specifically includes the following components, with reference to fig. 3: a processor 301, a memory 302, a communication interface 303, and a bus 304;
the processor 301, the memory 302 and the communication interface 303 complete mutual communication through the bus 304; the communication interface 303 is used for realizing information transmission between related devices such as modeling software, an intelligent manufacturing equipment module library and the like;
the processor 301 is configured to call a computer program in the memory 302, and when the processor executes the computer program, the processor implements all the steps of the above abnormal domain name monitoring method based on the blockchain, for example, when the processor executes the computer program, the processor implements the following processes: a blockchain is established for a DNS service monitoring network of a DNS service network. Each monitoring node on the block chain acquires the abnormal domain name monitored by the local monitoring node, and sends the abnormal domain name monitored by the local monitoring node to other monitoring nodes on the block chain, so that the other monitoring nodes on the block chain acquire DNS flow monitoring data of the abnormal domain name at the local monitoring node.
Based on the same inventive concept, another embodiment of the present invention provides a computer-readable storage medium, which stores a computer program, and the computer program when executed by a processor implements all the steps of the above abnormal domain name monitoring method based on a block chain, for example, the processor implements the following processes when executing the computer program: a blockchain is established for a DNS service monitoring network of a DNS service network. Each monitoring node on the block chain acquires the abnormal domain name monitored by the local monitoring node, and sends the abnormal domain name monitored by the local monitoring node to other monitoring nodes on the block chain, so that the other monitoring nodes on the block chain acquire DNS flow monitoring data of the abnormal domain name at the local monitoring node.
In addition, the logic instructions in the memory may be implemented in the form of software functional units and may be stored in a computer readable storage medium when sold or used as a stand-alone product. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (6)

1. An abnormal domain name monitoring method based on a block chain is characterized by comprising the following steps:
establishing a block chain for a DNS service monitoring network of a DNS service network; the DNS service monitoring network comprises a plurality of DNS service monitoring nodes, the DNS service monitoring nodes respectively correspond to a plurality of service nodes in the DNS service network, and each service monitoring node is used for monitoring DNS traffic data of the corresponding service node;
each monitoring node on the block chain acquires an abnormal domain name monitored by a local monitoring node, and sends the abnormal domain name monitored by the local monitoring node to other monitoring nodes on the block chain, so that the other monitoring nodes on the block chain acquire DNS flow monitoring data of the abnormal domain name at the local monitoring node;
the block chain also comprises a summary node;
the summary node is used for acquiring DNS traffic monitoring data of the abnormal domain name acquired by each monitoring node on the block chain, and analyzing whether the access of the abnormal domain name in the whole DNS service network is abnormal or not according to the DNS traffic monitoring data of the abnormal domain name acquired by each monitoring node.
2. The method of claim 1, wherein each monitoring node on the blockchain is deployed with a DNS traffic analyzer;
the DNS traffic analyzer analyzes DNS traffic data on a service node corresponding to the local monitoring node and generates corresponding DNS traffic ranking information;
the DNS traffic analyzer compares the traffic of N domain names with top DNS traffic ranking with a preset abnormal traffic threshold according to the DNS traffic ranking information to acquire abnormal domain names monitored on local monitoring nodes, wherein N is an integer greater than or equal to 1.
3. An abnormal domain name monitoring system based on a block chain, characterized by comprising: a block chain constructed by a plurality of DNS service monitoring nodes in a DNS service monitoring network; the DNS service monitoring network corresponds one-to-one to the DNS service network, the DNS service monitoring network comprises a plurality of DNS service monitoring nodes, the DNS service monitoring nodes respectively correspond to a plurality of service nodes in the DNS service network, and each service monitoring node is used for monitoring DNS traffic data of the corresponding service node;
each monitoring node on the block chain acquires an abnormal domain name monitored by a local monitoring node, and sends the abnormal domain name monitored by the local monitoring node to other monitoring nodes on the block chain, so that the other monitoring nodes on the block chain acquire DNS traffic monitoring data of the abnormal domain name at the local monitoring node;
the block chain also comprises a summary node;
the summary node is used for acquiring DNS traffic monitoring data of the abnormal domain name acquired by each monitoring node on the block chain, and analyzing whether the access of the abnormal domain name in the whole DNS service network is abnormal or not according to the DNS traffic monitoring data of the abnormal domain name acquired by each monitoring node.
4. The system according to claim 3, wherein each monitoring node on the blockchain is deployed with a DNS traffic analyzer;
the DNS traffic analyzer analyzes DNS traffic data on a service node corresponding to the local monitoring node and generates corresponding DNS traffic ranking information;
the DNS traffic analyzer compares, according to the DNS traffic ranking information, the traffic of the top N domain names in the DNS traffic ranking with a preset abnormal traffic threshold to acquire the abnormal domain names monitored on the local monitoring node, wherein N is an integer greater than or equal to 1.
5. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the blockchain-based abnormal domain name monitoring method according to any one of claims 1 to 2 when executing the program.
6. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, carries out the steps of the blockchain-based abnormal domain name monitoring method according to any one of claims 1 to 2.
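The flow in claims 1 and 2 (per-node top-N threshold check, sharing of flagged names, per-node traffic reports, aggregation at the summary node) can be sketched as follows. This is an added example, not code from the patent: the hash-linked list stands in for the block chain without any consensus, the query counts are constructed, and the two thresholds and the summary rule (network total at or above a threshold) are assumptions, since the claims do not fix them.

```python
import hashlib
import json
from collections import Counter

# Constructed sample: DNS query names each monitoring node saw in one window.
NODE_QUERIES = {
    "node-a": ["cdn.example"] * 40 + ["x9q2.example"] * 900 + ["mail.example"] * 25,
    "node-b": ["cdn.example"] * 55 + ["x9q2.example"] * 30 + ["mail.example"] * 20,
    "node-c": ["cdn.example"] * 35 + ["x9q2.example"] * 450 + ["api.example"] * 600,
}

def local_abnormal(queries, top_n, threshold):
    """Claim 2: rank domains by traffic, keep top-N entries above the threshold."""
    return [d for d, n in Counter(queries).most_common(top_n) if n > threshold]

def block_hash(prev, payload):
    body = json.dumps({"prev": prev, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append_block(chain, payload):
    """Hash-link each report to the previous one (stand-in for the block chain)."""
    prev = chain[-1]["hash"] if chain else "0" * 64
    chain.append({"prev": prev, "payload": payload, "hash": block_hash(prev, payload)})

def verify_chain(chain):
    """Recompute every link; an edited report breaks the chain from that point."""
    prev = "0" * 64
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["payload"]):
            return False
        prev = block["hash"]
    return True

def monitor(node_queries, top_n=2, local_threshold=500, network_threshold=1000):
    chain = []
    # Each node publishes the abnormal names it detected locally.
    for node, queries in node_queries.items():
        for d in local_abnormal(queries, top_n, local_threshold):
            append_block(chain, {"type": "abnormal", "node": node, "domain": d})
    flagged = sorted({b["payload"]["domain"] for b in chain})
    # Every node then reports its own traffic for each flagged name.
    for node, queries in node_queries.items():
        counts = Counter(queries)
        for d in flagged:
            append_block(chain, {"type": "traffic", "node": node, "domain": d, "count": counts[d]})
    # Summary node: sum the reports (assumed decision rule: total >= threshold).
    totals = Counter()
    for p in (b["payload"] for b in chain if b["payload"]["type"] == "traffic"):
        totals[p["domain"]] += p["count"]
    return chain, dict(totals), {d: totals[d] >= network_threshold for d in flagged}
```

In the sample, `x9q2.example` crosses the local threshold only on node-a but is confirmed network-wide once node-c's sub-threshold traffic is added, while `api.example` is flagged by node-c and then cleared by the summary step.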
CN201910080721.0A 2019-01-28 2019-01-28 Abnormal domain name monitoring method and device based on block chain Active CN109889619B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910080721.0A CN109889619B (en) 2019-01-28 2019-01-28 Abnormal domain name monitoring method and device based on block chain


Publications (2)

Publication Number Publication Date
CN109889619A (en) 2019-06-14
CN109889619B (en) 2022-01-21

Family

ID=66927061

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910080721.0A Active CN109889619B (en) 2019-01-28 2019-01-28 Abnormal domain name monitoring method and device based on block chain

Country Status (1)

Country Link
CN (1) CN109889619B (en)


Also Published As

Publication number Publication date
CN109889619A (en) 2019-06-14


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant