CN112822223A - Method, apparatus and electronic device for automated detection of DNS covert tunnel events - Google Patents
- Publication number
- CN112822223A
- Authority
- CN
- China
- Prior art keywords
- dns
- tunnel
- event
- flow
- flow data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110416533.8A CN112822223B (zh) | 2021-04-19 | 2021-04-19 | Method, apparatus and electronic device for automated detection of DNS covert tunnel events |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110416533.8A CN112822223B (zh) | 2021-04-19 | 2021-04-19 | Method, apparatus and electronic device for automated detection of DNS covert tunnel events |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112822223A (zh) | 2021-05-18 |
CN112822223B (zh) | 2021-08-31 |
Family
ID=75863675
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110416533.8A Active CN112822223B (zh) | Method, apparatus and electronic device for automated detection of DNS covert tunnel events | 2021-04-19 | 2021-04-19 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112822223B (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
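CN114430382A (zh) * | 2021-11-30 | 2022-05-03 | 中国科学院信息工程研究所 | Method and apparatus for detecting redundancy reduction of authoritative name servers based on passive DNS traffic |
CN115086080A (zh) * | 2022-08-03 | 2022-09-20 | 上海欣诺通信技术股份有限公司 | DNS covert tunnel detection method based on traffic features |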
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
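WO2012034456A1 (zh) * | 2010-09-16 | 2012-03-22 | 中兴通讯股份有限公司 | Method for obtaining DNS and tunnel gateway device |
CN108632227A (zh) * | 2017-03-23 | 2018-10-09 | 中国移动通信集团广东有限公司 | Malicious domain name detection and processing method and apparatus |
CN110855632A (zh) * | 2019-10-24 | 2020-02-28 | 新华三信息安全技术有限公司 | Packet detection method, apparatus, network device and computer-readable storage medium |
CN111294332A (zh) * | 2020-01-13 | 2020-06-16 | 交通银行股份有限公司 | System and method for traffic anomaly detection and DNS channel anomaly detection |
CN111786993A (zh) * | 2020-06-30 | 2020-10-16 | 山石网科通信技术股份有限公司 | Method and apparatus for detecting DNS tunnel traffic |
CN112272175A (zh) * | 2020-10-22 | 2021-01-26 | 江苏今浪信息技术有限公司 | DNS-based Trojan virus detection method |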
-
2021
- 2021-04-19 CN CN202110416533.8A patent/CN112822223B/zh active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
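WO2012034456A1 (zh) * | 2010-09-16 | 2012-03-22 | 中兴通讯股份有限公司 | Method for obtaining DNS and tunnel gateway device |
CN108632227A (zh) * | 2017-03-23 | 2018-10-09 | 中国移动通信集团广东有限公司 | Malicious domain name detection and processing method and apparatus |
CN110855632A (zh) * | 2019-10-24 | 2020-02-28 | 新华三信息安全技术有限公司 | Packet detection method, apparatus, network device and computer-readable storage medium |
CN111294332A (zh) * | 2020-01-13 | 2020-06-16 | 交通银行股份有限公司 | System and method for traffic anomaly detection and DNS channel anomaly detection |
CN111786993A (zh) * | 2020-06-30 | 2020-10-16 | 山石网科通信技术股份有限公司 | Method and apparatus for detecting DNS tunnel traffic |
CN112272175A (zh) * | 2020-10-22 | 2021-01-26 | 江苏今浪信息技术有限公司 | DNS-based Trojan virus detection method |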
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
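CN114430382A (zh) * | 2021-11-30 | 2022-05-03 | 中国科学院信息工程研究所 | Method and apparatus for detecting redundancy reduction of authoritative name servers based on passive DNS traffic |
CN115086080A (zh) * | 2022-08-03 | 2022-09-20 | 上海欣诺通信技术股份有限公司 | DNS covert tunnel detection method based on traffic features |
CN115086080B (zh) * | 2022-08-03 | 2024-05-07 | 上海欣诺通信技术股份有限公司 | DNS covert tunnel detection method based on traffic features |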
Also Published As
Publication number | Publication date |
---|---|
CN112822223B (zh) | 2021-08-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
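CN111355697B (zh) | Method, apparatus, device and storage medium for detecting botnet domain name families | |
US8015605B2 (en) | Scalable monitor of malicious network traffic | |
CN111478920A (zh) | Covert channel communication detection method, apparatus and device | |
CN112822223B (zh) | Method, apparatus and electronic device for automated detection of DNS covert tunnel events | |
CN113468071B (zh) | Fuzz test case generation method, system, computer device and storage medium | |
CN113206860B (zh) | DRDoS attack detection method based on machine learning and feature selection | |
CN112887274B (zh) | Method, apparatus, computer device and storage medium for detecting command injection attacks | |
CN112769833B (zh) | Method, apparatus, computer device and storage medium for detecting command injection attacks | |
CN113269389A (zh) | Network security situation assessment and situation prediction modeling method based on deep belief network | |
CN116366374B (zh) | Big-data-based security assessment method, system and medium for power grid network management | |
SG184120A1 (en) | Method of identifying a protocol giving rise to a data flow | |
CN112351018A (zh) | DNS covert channel detection method, apparatus and device | |
CN111835681A (zh) | Method and apparatus for detecting abnormal hosts in large-scale traffic | |
CN112003869A (zh) | Traffic-based vulnerability identification method | |
CN114972827A (zh) | Asset identification method, apparatus, device and computer-readable storage medium | |
CN113114691A (zh) | Network intrusion detection method, system, device and readable storage medium | |
CN116015800A (zh) | Scanner identification method, apparatus, electronic device and storage medium | |
CN113852625B (zh) | Weak password monitoring method, apparatus, device and storage medium | |
CN111565187B (zh) | DNS anomaly detection method, apparatus, device and storage medium | |
Beheshti et al. | Packet information collection and transformation for network intrusion detection and prevention | |
Almutairi et al. | Predicting multi-stage attacks based on IP information | |
CN117201121A (zh) | Method, apparatus and computer device for analyzing the attack threat level of an attack object | |
CN117879855A (zh) | Method, apparatus and electronic device for detecting DNS tunnels | |
CN116015890A (zh) | Network scanning detection method, apparatus, electronic device and storage medium | |
CN117768141A (zh) | Adversarial network intrusion detection method, apparatus, system, computer device and medium |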
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
TR01 | Transfer of patent right | Effective date of registration: 20210924. Address after: B201d-1, 3rd floor, building 8, yard 1, Zhongguancun East Road, Haidian District, Beijing 100083. Patentee after: Beijing innovation Zhiyuan Technology Co.,Ltd. Address before: B201d-1, 3rd floor, building 8, yard 1, Zhongguancun East Road, Haidian District, Beijing 100083. Patentee before: Beijing Zhiyuan Artificial Intelligence Research Institute |
TR01 | Transfer of patent right | Effective date of registration: 20220413. Address after: Room 266, floor 2, building 1, No. 16, Shangdi Fifth Street, Haidian District, Beijing 100085. Patentee after: Beijing Tianji Youmeng Information Technology Co.,Ltd. Address before: B201d-1, 3rd floor, building 8, yard 1, Zhongguancun East Road, Haidian District, Beijing 100083. Patentee before: Beijing innovation Zhiyuan Technology Co.,Ltd. |
TR01 | Transfer of patent right | Effective date of registration: 20230104. Address after: 519,060 Room 1903-231, Unit 1, Regenerative Times Building, No. 55, Pingbei Second Road, Xiangzhou District, Zhuhai City, Guangdong Province (centralized office area). Patentee after: Tianji Youmeng (Zhuhai) Technology Co.,Ltd. Address before: Room 266, floor 2, building 1, No. 16, Shangdi Fifth Street, Haidian District, Beijing 100085. Patentee before: Beijing Tianji Youmeng Information Technology Co.,Ltd. |