CN115442250A - Method for acquiring and classifying massive DNS service attributes - Google Patents
- Publication number: CN115442250A
- Application number: CN202210961763.7A
- Authority: CN (China)
- Prior art keywords: return, dns, authority, dns server, attributes
- Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
- H04L41/5058—Service discovery by the service manager
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a method for acquiring and classifying massive DNS service attributes, belonging to the technical field of network assets. The method comprises the following step: (1) performing deep interaction with the DNS service of DNS servers and acquiring the DNS service attributes of a large number of DNS servers, where the DNS service attributes comprise protocol malformation, ARRs return, auth authority return with authority = 1, authority return with RCODE = 3, authority return with RCODE = 9, err return with the request question removed, refusal return with RCODE = 5, timeout, other conditions, and other service return attributes. The DNS service attribute identification and classification is detailed and the result is accurate. For example, a sample randomly extracted from the authoritative classification set in the experimental results is 45.60.109.210: for this DNS server, the method identifies it as an authoritative DNS server, that is, an important key facility in the network space. Two groups of similar mapping technologies taken from the network give only a fingerprint return as their result and do not mark or identify the server as an authoritative DNS server.
Description
Technical Field
The invention relates to the technical field of network assets, in particular to a method for acquiring and classifying massive DNS service attributes.
Background
Network assets play an increasingly important role in enterprises and public institutions, especially in a massive network space. At the mild end, the loss of assets harms the institution; at the severe end, it can endanger national interests. How to protect these network assets is therefore a key research subject in network security.
The most important network assets are the key infrastructure network assets, called "key assets" for short, and identifying them is the main task of asset identification in the network space. Among key infrastructure assets, the DNS server plays an important role, so accurately identifying the DNS servers in the network space and their DNS service attributes allows further protection of the related basic assets. At present, the market only makes use of DNS servers and does not achieve real attribute identification. A method for acquiring and classifying massive DNS service attributes is therefore provided.
Disclosure of Invention
The invention aims to provide a method for acquiring and classifying massive DNS service attributes, so as to solve the problems raised in the background art that existing DNS service attribute identification and classification is not detailed enough and is inaccurate.
To achieve this purpose, the invention provides the following technical scheme: a method for acquiring and classifying massive DNS service attributes, comprising the following specific steps:
(1) Performing deep interaction with the DNS service of DNS servers and acquiring the DNS service attributes of a large number of DNS servers, where the DNS service attributes comprise nine service return attributes: protocol malformation, ARRs return, auth authority return with authority = 1, authority return with RCODE = 3, authority return with RCODE = 9, err return with the request question removed, refusal return with RCODE = 5, timeout, and other conditions;
(2) Performing attribute classification using the nine return attributes;
(3) Counting the proportion of each classification to better understand the service status of DNS servers in the network space.
Preferably, a proportion of 1.52% was found for the authority = 1 case in the experiment.
Compared with the prior art, the invention has the beneficial effects that:
The DNS service attribute identification and classification is detailed and the result is accurate. For example, a sample randomly extracted from the authoritative classification set in the experimental results is 45.60.109.210: for this DNS server, the method identifies it as an authoritative DNS server, that is, an important key facility in the network space. Two groups of similar mapping technologies taken from the network give only a fingerprint return as their result and do not mark or identify the server as an authoritative DNS server.
Drawings
FIG. 1 is a test chart of the present invention;
FIG. 2 is a graph of the test code;
FIG. 3 is a schematic diagram of code execution;
FIG. 4 is a diagram illustrating an execution result.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "upper", "lower", "front", "rear", "left", "right", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention.
Example:
Referring to FIGS. 1-4, the present invention provides a technical solution: a method for acquiring and classifying massive DNS service attributes, comprising the following specific steps:
(1) Performing deep interaction with the DNS service of DNS servers and acquiring the DNS service attributes of a large number of DNS servers, where the DNS service attributes comprise nine service return attributes: protocol malformation, ARRs return, auth authority return with authority = 1, authority return with RCODE = 3, authority return with RCODE = 9, err return with the request question removed, refusal return with RCODE = 5, timeout, and other conditions;
(2) Performing attribute classification using the nine return attributes;
(3) Counting the proportion of each classification to better understand the service status of DNS servers in the network space.
A proportion of 1.52% was found for the authority = 1 case in the experiment.
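The three steps above (collect replies, classify them into the nine return attributes, count proportions), sketched as an added example that is not code from the patent; it inspects only the 12-byte DNS header of each reply. The category names, the precedence of the checks, the reading of "ARRs return" as a non-zero answer count, and the sample replies are assumptions, since the patent text does not specify them.

```python
import struct
from collections import Counter

def classify(resp, query_id):
    """Map one raw UDP DNS reply (bytes, or None if no reply arrived) to a category."""
    if resp is None:
        return "timeout"
    if len(resp) < 12:                            # shorter than the fixed DNS header
        return "protocol_malformed"
    rid, flags, qd, an, _ns, _ar = struct.unpack("!6H", resp[:12])
    if not (flags & 0x8000) or rid != query_id:   # QR bit clear or transaction ID mismatch
        return "protocol_malformed"
    rcode = flags & 0x000F
    if flags & 0x0400:                            # AA bit set: the "authority = 1" case
        return "auth_aa1"
    if an > 0:                                    # assumption: "ARRs return" = answer RRs present
        return "answer_rrs"
    if rcode == 3:
        return "rcode3"
    if rcode == 9:
        return "rcode9"
    if rcode == 5:
        return "refused_rcode5"
    if rcode != 0 and qd == 0:                    # error reply with the question section dropped
        return "err_question_removed"
    return "other"

def proportions(categories):
    """Step (3): percentage share of each category over all probed servers."""
    counts = Counter(categories)
    total = sum(counts.values())
    return {cat: round(100.0 * n / total, 2) for cat, n in counts.items()}

def hdr(qid, flags, qd=1, an=0, ns=0, ar=0):
    """Build a constructed 12-byte DNS header (record sections omitted)."""
    return struct.pack("!6H", qid, flags, qd, an, ns, ar)

QID = 0x1234
SAMPLES = {  # constructed replies, keyed by documentation-range addresses
    "192.0.2.1": hdr(QID, 0x8400, an=1),   # AA=1 with an answer
    "192.0.2.2": hdr(QID, 0x8180, an=2),   # recursive answer, AA=0
    "192.0.2.3": hdr(QID, 0x8183, ns=1),   # RCODE=3
    "192.0.2.4": hdr(QID, 0x8009),         # RCODE=9
    "192.0.2.5": hdr(QID, 0x8005),         # RCODE=5
    "192.0.2.6": hdr(QID, 0x8001, qd=0),   # error, question removed
    "192.0.2.7": b"\x12\x34\x80",          # truncated header
    "192.0.2.8": None,                     # no reply before the deadline
    "192.0.2.9": hdr(QID, 0x8180),         # NOERROR, empty answer
    "192.0.2.10": hdr(QID, 0x8005),        # RCODE=5
}

def survey(samples=SAMPLES, qid=QID):
    """Classify every sample and return (per-server labels, percentage per category)."""
    labels = {ip: classify(r, qid) for ip, r in samples.items()}
    return labels, proportions(labels.values())

if __name__ == "__main__":
    for category, pct in sorted(survey()[1].items()):
        print(f"{category:22s} {pct:5.1f}%")
```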
While there have been shown and described the fundamental principles and essential features of the invention and advantages thereof, it will be apparent to those skilled in the art that the invention is not limited to the details of the foregoing exemplary embodiments, but is capable of other specific forms without departing from the spirit or essential characteristics thereof; the present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein, and any reference signs in the claims are not intended to be construed as limiting the claim concerned.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (2)
1. A method for obtaining and classifying mass DNS service attributes is characterized in that: the method for acquiring and classifying the mass DNS service attributes comprises the following specific steps:
(1) Performing deep interaction with the DNS service of DNS servers and acquiring the DNS service attributes of a large number of DNS servers, where the DNS service attributes comprise nine service return attributes: protocol malformation, ARRs return, auth authority return with authority = 1, authority return with RCODE = 3, authority return with RCODE = 9, err return with the request question removed, refusal return with RCODE = 5, timeout, and other conditions;
(2) Performing attribute classification using the nine return attributes;
(3) Counting the proportion of each classification to better understand the service status of DNS servers in the network space.
2. The method for acquiring and classifying massive DNS service attributes according to claim 1, wherein: a proportion of 1.52% was found for the authority = 1 case.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210961763.7A CN115442250A (en) | 2022-08-11 | 2022-08-11 | Method for acquiring and classifying massive DNS service attributes |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115442250A (en) | 2022-12-06 |
Family
ID=84243484
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210961763.7A Pending CN115442250A (en) | 2022-08-11 | 2022-08-11 | Method for acquiring and classifying massive DNS service attributes |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115442250A (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105376096A (en) * | 2015-11-26 | 2016-03-02 | 中国互联网络信息中心 | Method and system for analyzing domain name, evaluating and feeding back data quality and optimizing data |
CN105812204A (en) * | 2016-03-14 | 2016-07-27 | 中国科学院信息工程研究所 | Recursion domain name server online identification method based on connectivity estimation |
CN106603734A (en) * | 2015-10-16 | 2017-04-26 | 任子行网络技术股份有限公司 | CDN service IP detection method and system |
CN107749898A (en) * | 2017-08-24 | 2018-03-02 | 深圳市大讯永新科技有限公司 | DNS accesses data and sorted out and Intranet access accounting raising method, system |
JP2019186659A (en) * | 2018-04-05 | 2019-10-24 | 浩 河之邊 | Method, program, and device for preventing dns water attack |
CN112738286A (en) * | 2020-12-09 | 2021-04-30 | 杭州安恒信息技术股份有限公司 | IP attribute identification method, system and computer equipment |
CN113596194A (en) * | 2021-08-02 | 2021-11-02 | 牙木科技股份有限公司 | Method for DNS traffic classification calibration and DNS server |
US20220094661A1 (en) * | 2020-09-21 | 2022-03-24 | Level 3 Communications, Llc | Collecting passive dns traffic to generate a virtual authoritative dns server |
Non-Patent Citations (1)
Title |
---|
RUI WANG等: "A DNS Based on Server Classification Method Long-Term Behavior Features", 《MACHINE LEARNING FOR CYBER SECURITY》, pages 404 - 418 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||