CN112714100A - Method and system for predicting domain name resolution service safety - Google Patents
Method and system for predicting domain name resolution service safety Download PDFInfo
- Publication number
- CN112714100A CN112714100A CN202011378711.4A CN202011378711A CN112714100A CN 112714100 A CN112714100 A CN 112714100A CN 202011378711 A CN202011378711 A CN 202011378711A CN 112714100 A CN112714100 A CN 112714100A
- Authority
- CN
- China
- Prior art keywords
- domain name
- name server
- judgment result
- data
- giving
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/147—Network analysis or design for predicting network behaviour
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
Abstract
The invention relates to the technical field of Internet domain names, and discloses a method and a system for predicting domain name resolution service safety, wherein the method comprises the following steps: acquiring a domain name server list according to a target domain name; extracting and analyzing DNS record data, domain name server network coverage data and domain name server security data from each server, and giving respective weight distribution to each data; and calculating the final total weight score, and predicting whether the resolution service of the target domain name is safe or not according to a set threshold value. According to the method, after the domain name server list is obtained, the server and the data associated with the domain name are automatically extracted and analyzed, various subdivided evaluation items are set, each item of test data is respectively subjected to quantitative weight division calculation, the final total score is obtained through statistics, whether the resolution service of a certain target domain name is safe or not is judged according to the total score, the prejudgment efficiency is improved, and the prejudgment result is accurate.
Description
Technical Field
The invention relates to the technical field of internet domain names, in particular to a method and a system for predicting domain name resolution service safety.
Background
DNSSEC (Domain Name System Security extensions), a DNS resolution Security extension. The DNSSEC is a security technology for solving the integrity and credibility of domain name resolution data aiming at the DNS resolution security defect.
The DNSSEC technology can solve the problems of authenticity and integrity of the analyzed data, but the safety of the DNS analysis service is not limited to a data level, and the DNS analysis service also comprises a plurality of factors such as network and system safety.
The DNS domain name resolution technology is a basic core technology for interconnection and intercommunication of the Internet. Therefore, the service security of the domain name resolution system built on the DNS resolution technology becomes a key factor of the internet service security, and the security of the domain name website built on the domain name resolution system is greatly influenced. How to judge whether a set of domain name resolution system is safe becomes an important basis for an internet user to evaluate whether a domain name resolution service is reliable or not and select a domain name resolution service provider.
At present, the industry does not have a mature and standard prediction method and system, and a reliable prediction service platform, which can comprehensively and objectively evaluate and predict the security of the domain name resolution service.
Disclosure of Invention
Aiming at the defects of the prior art, the technical problem to be solved by the invention is how to quickly and accurately predict the safety of the domain name resolution service.
In a first aspect of the present invention, a method for predicting security of a domain name resolution service is provided, including:
acquiring a domain name server list according to a target domain name;
extracting and analyzing DNS record data, domain name server network coverage data and domain name server security data from each server, and giving respective weight distribution to each data;
and calculating the final total weight score, and predicting whether the resolution service of the target domain name is safe or not according to a set threshold value.
Further, the analysis of the DNS record data includes one or more of:
judging the validity and consistency of SOA records of the domain name, and respectively giving weight according to the judgment result;
judging the validity and consistency of the glue records of the domain names, and respectively giving weight according to the judgment result;
and judging the validity and consistency of the NS records of the domain name, and respectively giving weight according to the judgment result.
Further, the analysis of the domain name server network coverage data includes one or more of:
judging the number of domain name servers, and giving weight according to the judgment result;
judging the number of top-level domains covered by the domain name server, and giving weight according to the judgment result;
judging whether the domain name server supports IPv4 and IPv6, and respectively giving weight according to the judgment result.
Further, the analysis of the security data of the domain name server includes one or more of:
judging whether a CHAME record exists in the domain name server or not, and giving weight according to a judgment result;
judging whether the domain name server has a reverse resolution record or not, and giving weight according to a judgment result;
judging whether the domain name server supports the EDNSO protocol or not, and giving weight according to a judgment result;
judging whether the domain name server supports the transmission of the AXFR area or not, and giving weight according to the judgment result;
judging whether the domain name server starts a recursion working mode or not, and giving weight according to a judgment result;
judging the validity of the IP address of the domain name server, and respectively giving weight according to the judgment result;
judging whether the domain name server is opened with other irrelevant service ports, and giving weight according to the judgment result;
judging the software version type used by the domain name server, and giving weight according to the judgment result;
judging the version model of the operating system of the domain name server, and giving weight according to the judgment result.
Furthermore, the judgment of the DNS record data, the network coverage data of the domain name server and the safety data of the domain name server is tested by adopting a multithreading concurrency mode.
Furthermore, according to different influences and importance of the DNS record data, the domain name server network coverage data and the domain name server safety data, differentiated weight distribution is set.
In another aspect, a system for predicting security of a domain name resolution service is provided, the system including:
the domain name server acquisition module is used for acquiring a domain name server list according to the target domain name;
the DNS record data analysis module is used for analyzing whether the records related to the domain name are effective or consistent and giving respective weight scores according to the judgment result;
the network coverage data analysis module is used for analyzing the network coverage condition of the domain name server and giving respective weight scores according to the judgment result;
the domain name server security analysis module is used for analyzing the security performance condition of the domain name server and endowing respective weight scores according to the judgment result;
and the domain name safety prediction module is used for counting and adding all weight distributions and judging whether the target domain name is safe or not according to a preset threshold value.
Compared with the prior art, the method and the system for predicting the domain name resolution service safety provided by the invention have the advantages that after the domain name server list is obtained, the server and the data associated with the domain name are automatically extracted and analyzed, various subdivided evaluation items are arranged, each item of test data is subjected to respectively quantized weight score calculation, finally, the final total score is obtained through statistics, and whether the resolution service of a certain target domain name is safe or not is judged according to the total score.
Drawings
FIG. 1 is a flow diagram illustrating a method for predicting domain name resolution service security in one embodiment of the invention;
FIG. 2 is an architecture diagram of a prediction system for domain name resolution service security in an embodiment of the present invention.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It is to be understood that the embodiments described are presently preferred modes of carrying out the invention, and that the description is made for the purpose of illustrating the general principles of the invention and not for the purpose of limiting the scope of the invention. The protection scope of the present invention shall be defined by the appended claims, and all other embodiments obtained by those skilled in the art without any inventive work shall fall within the protection scope of the present invention.
Referring to fig. 1, a method for predicting security of a domain name resolution service disclosed in an embodiment of the present invention includes the following steps:
and step S1, acquiring a domain name server list according to the target domain name.
And acquiring all name server lists under the target domain name according to the specified target domain name.
Step S2, extracting and analyzing the DNS record data, the domain name server network coverage data, and the domain name server security data from each server, and assigning the respective weight to each data.
In step S2, it is determined whether the DNS resolution service is secure from three dimensions.
Dimension one: the normalization of domain name resolution data is mainly judged through a plurality of different types of records of domain names, and specifically comprises the following various indexes:
(1) validity of domain name SOA records
According to the technical standard of DNS resolution protocol, in the SOA record of the domain name, MNAME is an authoritative server of the domain name; the recommended value of REFRESH value is 1200 seconds (20 minutes) to 43200 seconds (12 hours); the value of EXPIRE is recommended to be between 1209600 seconds (14 days) and 2419200 seconds (28 days). If the detection is not in the set value range, the detection is judged to be invalid, and certain weight distribution of the detection is deducted.
(2) Domain name SOA record consistency
When there are multiple domain name servers, the SOA records of the domain names provided by each of the domain name servers should be kept consistent. If the two are inconsistent, a certain negative weight score is deducted.
(3) Domain name glue record validity
When a domain name is authorized to a name server under the current domain name, a glue record should be carried. If the record is judged not to carry the glue record or not to be the glue record, the record is invalid, which means that the domain name cannot be analyzed, and a certain weight is deducted.
(4) Domain name glue record consistency
The value record of the domain name in the parent zone and the value record provided by the domain name server should be kept completely consistent. If the detection result shows that the weight is inconsistent, the corresponding weight is deducted.
(5) Domain name NS record format validation
The domain name NS record name should conform to the FQDN format. The name server name consists of letters, numbers, "-" or "-", where "-" or "-" cannot appear at the first and last. If the formats are determined to be in accordance with the regulations, the formats are in accordance with the requirements, and if the formats are not in accordance with the regulations, the corresponding weight scores are deducted.
(6) Domain name NS record consistency
The NS records of the domain name in the parent zone should remain identical to the NS records provided by the domain name server. If the two are detected and judged to be inconsistent, the corresponding weight is deducted.
(7) Whether domain name supports DNSSEC protocol
The domain name is proposed to support DNSSEC protocol so as to ensure the authenticity and integrity of DNS resolution data. And if the DNSSEC protocol is detected and judged not to be supported, deducting the corresponding weight distribution.
In seven more detailed dimensions of the data normalization determination, the weight scores have certain difference, and because whether the glue record of the domain name is effective and whether the NS record format is effective are of great importance to the domain name resolution, the weight scores set for the glue record and the NS record format are relatively higher than other five indexes, and in addition, the weight score set for whether the domain name supports the DNSSEC protocol is also higher than the weight scores set for whether the SOA record of the domain name is effective, whether the glue record format of the domain name is consistent and whether the NS record format of the domain name is consistent.
Dimension two: and (4) counting and judging the network coverage data of the domain name server. Specifically, the method comprises the following three indexes of calculation and judgment:
(1) number of domain name servers
The number of the domain name servers is more than or equal to 2, so that when any 1 of the network is not reachable, other name servers can still normally provide resolution service for the domain name. If the number of the name servers is judged to be 1, the network reachability has a great risk, and the corresponding weight score is deducted, if the number is 2 or more than 2, the risk is judged to be extremely low, and the weight score is given to be 0, namely, the score is not deducted.
(2) Number of top-level domains covered by domain name server
The domain name server proposes to span 2 or more top-level domains, so that when any top-level domain network fails to reach the name server, other name servers can still normally provide resolution service for the domain name. And if the number of the top level domains capable of being covered is 2 or more than 2, determining that the risk is extremely low or no risk, and not deducting the points.
(3) Whether the domain name server IPv4/IPv6 is reachable or not
In addition to supporting IPv4, it is proposed that domain name servers support IPv6 to ensure that the name servers remain reachable in an IPv6 communication network. If the test result shows that neither IPv4 nor IPv6 is reachable, the corresponding weight score is deducted, if one item is not reachable, the corresponding weight score is deducted, and if both items are reachable, the score is not deducted.
In the above network coverage detection and determination of the name servers, the weight occupied by setting the number of the domain name servers and whether the domain name servers IPv4/IPv6 are reachable is relatively high.
Dimension three: a security decision for a domain name server. It is mainly calculated and judged by the following 9 indexes.
(1) Whether a CNAME record exists for a domain name server
The domain name server does not suggest setting a CNAME record, which may cause other record types such as A-record resolution to be masked, resulting in the name server being unreachable. If the weight is detected and judged to exist, the corresponding weight is deducted.
(2) Whether a reverse resolution record exists for a domain name server
It is proposed to set a reverse resolution record for the domain name server, which has positive significance for filtering spam, identifying source requests, etc. If the weight is not present, the corresponding weight is deducted.
(3) Whether EDNS0 protocol is supported
The domain name server proposes to support the EDNS0 protocol to facilitate supporting domain names to provide DNSSEC services. If the protocol is detected and judged not to be supported, the corresponding weight is deducted.
(4) Whether or not AXFR region transfer is supported
The domain name server proposes to forbid the transmission authority of the AXFR area, thereby avoiding influencing the domain name resolution performance and stability. If the weight is not supported, the corresponding weight is deducted.
(5) Whether to open a recursive mode of operation
The domain name server proposes to prohibit the recursive working mode so as to ensure the authority resolution performance and stability. Since opening the recursion means that the stability and performance of the server are greatly affected, if the recursion mode is detected to be opened, the corresponding weight is deducted.
(6) Domain name server IP validity
The domain name server IP should be a public network IP address, and if set to a local network address, it means that the domain name server is unreachable in the public network, which means that the domain name cannot be resolved normally. And if the IP address is detected and judged to be invalid, deducting the corresponding weight distribution.
(7) Whether the domain name server opens other unrelated service ports
The domain name server suggests full-time dedication, prohibiting other unrelated services from being provided outside the resolution service port. If the domain name server is detected to be provided with other service calling ports, the important potential safety hazard exists, and the corresponding weight distribution is deducted.
(8) Domain name server software version
When the version of the software used by the domain name server is lower, more known security vulnerabilities exist, for example, bind resolution software is used, for example, the suggested version should be larger than bind-9.11.21 (the version can be updated according to vulnerability exposure and resolution software version upgrading). And if the model of the detected software version is too low and is not the latest version, which indicates that the serious potential safety hazard exists, deducting the corresponding weight.
(9) Domain name server operating system version
When the version of the domain name server operating system is low, there are many known security vulnerabilities, for example, when the operating system is used as a CentOS, the proposed version should be larger than the CentOS-7.0 (which can be updated according to vulnerability exposure and OS version upgrade). And if the version of the operating system is detected to be too low, which indicates that great potential safety hazard exists, deducting corresponding weight.
In the service security detection of the domain name server, whether the domain name server opens other unrelated service ports or not and the weight score occupied by the domain name server software version domain name server operating system version are set to be highest, and the weight score is set to be highest based on the maximum security risk occupied by the three to the server service security, in addition, whether the domain name server has CANME record or not, whether a recursion working mode is opened or not, the validity of the IP address of the domain name server, and the security proportion to the service is relatively high. The invention carries out calculation and evaluation on the safety evaluation of the domain name resolution service from a plurality of indexes, and the plurality of indexes almost cover all fields of the safety of the domain name resolution service and can accurately reflect the safety condition of the domain name resolution service.
The following table is a specific description of the security statistics of step S2 according to the embodiment of the present invention.
Table-specific evaluation table for service security detection
When the system detects each item, the score of each item is automatically calculated, if the score is in accordance with the item, the corresponding weight score is not deducted, and if the score is not in accordance with the item, the corresponding weight score can be further deducted according to the degree of non-compliance.
In addition, preferably, the detection of each evaluation item is performed by multi-thread concurrent detection, so as to improve the test efficiency and obtain the evaluation result more quickly.
And step S3, calculating the final total weight score, and predicting whether the resolution service of the target domain name is safe or not according to a set threshold value.
The final total weight score may be compared with a preset threshold according to the score subtracted from each item in the step S2, that is, the result of adding the negative scores, or may be calculated by referring to the following formula, where the initial score 100 is used as a reference, and the non-reached detailed evaluation item is subtracted from the corresponding score according to the scoring rule, and added item by item, so as to obtain the comprehensive score of the domain name resolution service security.
Comparing the final calculated composite score with a preset threshold, taking the total score calculated by the above formula as an example, if the final calculated total score is less than 0, it indicates that the subtracted score is more, and the analysis service has a security risk, and of course, those skilled in the art should understand that the set threshold may vary according to different situations, such as 20, -20, etc.
Furthermore, those skilled in the art will understand that some or all of the steps in the method of the above embodiments may be implemented by hardware related to instructions of a program, the program may be stored in a computer readable storage medium, and when executed, the program includes the corresponding steps in the method of the above embodiments, and the storage medium may be: ROM/RAM, magnetic disks, optical disks, memory cards, and the like.
Therefore, as shown in fig. 2, corresponding to the above method, the present invention also provides a system for predicting the security of the domain name resolution service, which includes:
the domain name server acquisition module is used for acquiring a domain name server list according to the target domain name;
the DNS record data analysis module is used for analyzing whether the records related to the domain name are effective or consistent and giving respective weight scores according to the judgment result;
the network coverage data analysis module is used for analyzing the network coverage condition of the domain name server and giving respective weight scores according to the judgment result;
the domain name server security analysis module is used for analyzing the security performance condition of the domain name server and endowing respective weight scores according to the judgment result;
and the domain name safety prediction module is used for counting and adding all weight distributions and judging whether the target domain name is safe or not according to a preset threshold value.
After the domain name server acquisition module acquires the list of the domain name server, the three modules are processed in parallel through the DNS record data analysis module, the network coverage data analysis module and the domain name server safety analysis module, wherein each module has multiple index detection modes and also adopts multi-thread processing, each index is given with corresponding weight according to a detection result after being detected, the weight can be 0 or negative, finally, the total scores of all the items are added to obtain a final score, and whether the service analysis is safe or not is predicted according to the score.
The embodiment of the method in the invention is described in a progressive manner, and for the embodiment of the system, the description is simple because the embodiment is basically similar to the embodiment of the method, and relevant points can be referred to partial description of the embodiment of the method.
The foregoing description shows and describes several preferred embodiments of the invention, but as aforementioned, it is to be understood that the invention is not limited to the forms disclosed herein, but is not to be construed as excluding other embodiments and is capable of use in various other combinations, modifications, and environments and is capable of changes within the scope of the inventive concept as expressed herein, commensurate with the above teachings, or the skill or knowledge of the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (8)
1. A method for predicting the security of a domain name resolution service, the method comprising:
acquiring a domain name server list according to a target domain name;
extracting and analyzing DNS record data, domain name server network coverage data and domain name server security data from each server, and giving respective weight distribution to each data;
and calculating the final total weight score, and predicting whether the resolution service of the target domain name is safe or not according to a set threshold value.
2. The method of claim 1, wherein the analysis of the DNS record data includes one or more of:
judging the validity and consistency of SOA records of the domain name, and respectively giving weight according to the judgment result;
judging the validity and consistency of the glue records of the domain names, and respectively giving weight according to the judgment result;
and judging the validity and consistency of the NS records of the domain name, and respectively giving weight according to the judgment result.
3. The method of claim 2, wherein the analysis of the domain name server network coverage data comprises one or more of:
judging the number of domain name servers, and giving weight according to the judgment result;
judging the number of top-level domains covered by the domain name server, and giving weight according to the judgment result;
judging whether the domain name server supports IPv4 and IPv6, and respectively giving weight according to the judgment result.
4. The method of claim 2 or 3, wherein the analysis of the security data of the domain name server comprises one or more of:
judging whether a CHAME record exists in the domain name server or not, and giving weight according to a judgment result;
judging whether the domain name server has a reverse resolution record or not, and giving weight according to a judgment result;
judging whether the domain name server supports the EDNSO protocol or not, and giving weight according to a judgment result;
judging whether the domain name server supports the transmission of the AXFR area or not, and giving weight according to the judgment result;
judging whether a domain name server is started with a recursion working mode or not, and giving weight according to a judgment result;
judging the validity of the IP address of the domain name server, and giving weight according to the judgment result;
judging whether the domain name server is opened with other irrelevant service ports, and giving weight according to the judgment result;
judging the software version type used by the domain name server, and giving weight according to the judgment result;
judging the version model of the operating system of the domain name server, and giving weight according to the judgment result.
5. The method of claim 4, wherein the determination of the DNS record data, domain name server network coverage data, and domain name server security data is tested in a multi-threaded concurrent mode.
6. The method of claim 4, wherein the differentiated weight is set according to influence factors of each data index in the DNS record data, the domain name server network coverage data and the domain name server security data on the resolution service.
7. A prediction system for domain name resolution service security, the system comprising:
the domain name server acquisition module is used for acquiring a domain name server list according to the target domain name;
the DNS record data analysis module is used for analyzing whether the records related to the domain name are effective or consistent and giving respective weight scores according to the judgment result;
the network coverage data analysis module is used for analyzing the network coverage condition of the domain name server and giving respective weight scores according to the judgment result;
the domain name server security analysis module is used for analyzing the security performance condition of the domain name server and endowing respective weight scores according to the judgment result;
and the domain name safety prediction module is used for counting and adding all weight distributions and judging whether the target domain name is safe or not according to a preset threshold value.
8. The system of claim 7, wherein the DNS record data analysis module, the network coverage data analysis module, and the domain name server security analysis module perform analysis and computation simultaneously in a multi-threaded concurrent mode.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011378711.4A CN112714100B (en) | 2020-11-30 | 2020-11-30 | Method and system for predicting domain name resolution service safety |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011378711.4A CN112714100B (en) | 2020-11-30 | 2020-11-30 | Method and system for predicting domain name resolution service safety |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112714100A true CN112714100A (en) | 2021-04-27 |
| CN112714100B CN112714100B (en) | 2023-01-10 |
Family
ID=75543318
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011378711.4A Active CN112714100B (en) | 2020-11-30 | 2020-11-30 | Method and system for predicting domain name resolution service safety |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112714100B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060039352A1 (en) * | 2004-08-19 | 2006-02-23 | International Business Machines Corporation | System and method for designating a priority access order of domain name service servers |
| CN103002069A (en) * | 2012-12-25 | 2013-03-27 | 北京小米科技有限责任公司 | Domain name resolution method, device and system |
| CN103929330A (en) * | 2014-04-22 | 2014-07-16 | 中国科学院计算技术研究所 | Domain name service quality evaluation method and system |
| CN105262858A (en) * | 2015-11-06 | 2016-01-20 | 北京金山安全软件有限公司 | Method and device for detecting safety of Domain Name System (DNS) server |
| US20160150004A1 (en) * | 2014-11-20 | 2016-05-26 | F-Secure Corporation | Integrity Check of DNS Server Setting |
| US20170149730A1 (en) * | 2015-11-24 | 2017-05-25 | International Business Machines Corporation | Trustworthiness-verifying dns server for name resolution |
| CN109167674A (en) * | 2018-07-24 | 2019-01-08 | 网宿科技股份有限公司 | Methods of marking, domain name system DNS dispatching method and the server of service node |
-
2020
- 2020-11-30 CN CN202011378711.4A patent/CN112714100B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060039352A1 (en) * | 2004-08-19 | 2006-02-23 | International Business Machines Corporation | System and method for designating a priority access order of domain name service servers |
| CN103002069A (en) * | 2012-12-25 | 2013-03-27 | 北京小米科技有限责任公司 | Domain name resolution method, device and system |
| CN103929330A (en) * | 2014-04-22 | 2014-07-16 | 中国科学院计算技术研究所 | Domain name service quality evaluation method and system |
| US20160150004A1 (en) * | 2014-11-20 | 2016-05-26 | F-Secure Corporation | Integrity Check of DNS Server Setting |
| CN105262858A (en) * | 2015-11-06 | 2016-01-20 | 北京金山安全软件有限公司 | Method and device for detecting safety of Domain Name System (DNS) server |
| US20170149730A1 (en) * | 2015-11-24 | 2017-05-25 | International Business Machines Corporation | Trustworthiness-verifying dns server for name resolution |
| CN109167674A (en) * | 2018-07-24 | 2019-01-08 | 网宿科技股份有限公司 | Methods of marking, domain name system DNS dispatching method and the server of service node |
Non-Patent Citations (1)
| Title |
|---|
| 朱毅等: "基于模糊综合评价模型的DNS健康度评估", 《信息网络安全》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112714100B (en) | 2023-01-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Hao et al. | PREDATOR: proactive recognition and elimination of domain abuse at time-of-registration | |
| US11948115B2 (en) | Systems and methods for monitoring information security effectiveness | |
| RU2536663C2 (en) | System and method of protecting cloud infrastructure from illegal use | |
| Kührer et al. | Paint it black: Evaluating the effectiveness of malware blacklists | |
| US10021057B2 (en) | Relationship collaboration system | |
| Hao et al. | Understanding the domain registration behavior of spammers | |
| CN112637159A (en) | Network asset scanning method, device and equipment based on active detection technology | |
| CN110602029B (en) | Method and system for identifying network attack | |
| CN107124434B (en) | Method and system for discovering DNS malicious attack traffic | |
| CN103701793B (en) | The recognition methods of server broiler chicken and device | |
| CN107071084A (en) | A kind of DNS evaluation method and device | |
| CN106295349A (en) | Risk Identification Method, identification device and the anti-Ore-controlling Role that account is stolen | |
| CN112714100B (en) | Method and system for predicting domain name resolution service safety | |
| CN114430382A (en) | Method and device for reducing and detecting redundancy of authoritative domain name server based on passive DNS traffic | |
| CN116708028B (en) | External attack surface management method and system based on attacker view angle | |
| CN111625700B (en) | Anti-grabbing method, device, equipment and computer storage medium | |
| CN111131166A (en) | User behavior prejudging method and related equipment | |
| CN109688236B (en) | Sinkhole domain name processing method and server | |
| CN109190408B (en) | Data information security processing method and system | |
| CN106789979B (en) | Method and device for diagnosing effectiveness of active domain name in IDC machine room | |
| US11444971B2 (en) | Method for assessing the quality of network-related indicators of compromise | |
| CN115934058A (en) | Method for rapidly acquiring domain name and extracting value | |
| CN110868482A (en) | Method for searching real IP by bypassing CDN | |
| CN112637150A (en) | Honey pot analysis method and system based on nginx | |
| CN115834219B (en) | Network asset evaluation processing method, device, server and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |