CN115563498A - CDN recognition feature set expansion method facing HTTP feature - Google Patents
CDN recognition feature set expansion method facing HTTP feature Download PDFInfo
- Publication number
- CN115563498A CN115563498A CN202211150219.0A CN202211150219A CN115563498A CN 115563498 A CN115563498 A CN 115563498A CN 202211150219 A CN202211150219 A CN 202211150219A CN 115563498 A CN115563498 A CN 115563498A
- Authority
- CN
- China
- Prior art keywords
- cdn
- domain name
- data
- cname
- http
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/30—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F16/35—Clustering; Classification
- G06F16/353—Clustering; Classification into predefined classes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a CDN identification feature set expansion method facing HTTP features, wherein the CDN identification feature set is mainly based on the matching of CNAME features, and the method comprises the following specific steps: step 1, acquiring domain name basic data, and reducing the detected domain name basic data by a method for reducing a detected object; and 2, performing secondary judgment on the domain name basic data to be classified by utilizing the HTTP characteristics, and expanding a CNAME characteristic set according to a judgment result to gradually improve the pre-classification precision, thereby achieving the purpose of collecting CNAME characteristic keywords registered by a new CDN manufacturer or collecting new CNAME characteristic keywords registered by an existing CDN manufacturer. The method depends on DNS analysis and HTTP analysis, is oriented to key domain names and regional recursive DNS servers, has low iteration time cost, has low requirement on machine cost, and can complete the expansion process by a single machine.
Description
Technical Field
The invention relates to the technical field of CDN identification, in particular to a CDN identification feature set expansion method facing HTTP features.
Background
A Content Delivery Network (CDN) is a virtual network constructed by combining a load balancing system with an edge server cluster, and can direct a request of an end user to an edge server with a short distance or a better delay performance, and meanwhile, has the advantages of reducing a source station load, resisting a DDos attack, and the like.
Currently, there are also many concerns about security holes, attack prevention, and other issues related to CDNs. Such as using CDN as a DDos attack means to paralyze the source station, utilizing a novel censorship evasion technique of CDN to provide protection for the offending station, not verifying the origin server certificate, etc. The identification of CDN manufacturers is not left in the aspects of discovering CDN attack events, vulnerability detection and repair, fusing CDN selection, CDN service ranking and the like.
The CDN identification mainly adopts a keyword matching technology, wherein the CNAME characteristic matching is taken as a main characteristic. Therefore, it is necessary to label the service characteristics of the CDN manufacturer newly registered or the CDN domain name newly registered by the manufacturer, and reduce the detection traffic as much as possible in the identification iteration process.
Disclosure of Invention
The invention provides a CDN identification feature set expansion method facing HTTP features, which aims at the technical problem that detection flow is reduced as much as possible by collecting CNAME feature keywords of a current CDN manufacturer which is newly registered or collecting new CNAME feature keywords which are registered by an existing CDN manufacturer.
Therefore, the technical scheme of the invention is that the CDN identification feature set expansion method facing HTTP features mainly takes the matching of CNAME features as the main steps, and the method comprises the following specific steps:
step 1, obtaining domain name basic data, and reducing the detected domain name basic data by a method for reducing a detected object, wherein the specific flow of the method for reducing the detected object is as follows:
step 1.1, according to a CDN nearby analysis principle, a regional recursive DNS server is used as an analysis center, domain name basic data is obtained facing a DNS side, a forwarding DNS server is used as a request object, and an analysis request is indirectly sent to the regional recursive DNS server by using the forwarding principle;
step 1.2, according to the recommendation of a service provider or other recommendation schemes, reducing forwarding DNS servers acquired in various regions across the country to meet the detection requirement of at least one DNS server in each region;
step 1.3, according to the load balancing function principle of the CDN, a key domain name is taken as a detection target;
step 1.4, based on HTTP relevant data and CNAME characteristic data, further reducing the detection data, and reducing the hotspot domain name by taking Ping reachable as a reduction means;
and 2, performing secondary judgment on the domain name basic data to be classified by utilizing the HTTP characteristics, and expanding a CNAME characteristic set according to a judgment result to gradually improve the pre-classification precision, thereby achieving the purpose of collecting CNAME characteristic keywords registered by a new CDN manufacturer or collecting new CNAME characteristic keywords registered by an existing CDN manufacturer.
Preferably, the domain name base data includes a CNAME record, an IP record, an HTTP response status code, and response header dictionary content.
Preferably, the specific steps of obtaining the domain name basic data are as follows:
step S1, appointing a key domain name list;
s2, analyzing the domain name website by using an HTTP (hyper text transport protocol) analyzing module, initiating a HEAD (HEAD request) to the domain name, and collecting response data HTTPheader and a state code Statuscode;
and step S3, taking the domain name with the HTTP resolution result in the step S2 as an input, and performing A record resolution on the domain name by using a DNS resolution module.
Preferably, the process of a record resolution for domain names using the DNS resolution module is to request all DNS servers for any domain name in the input domain names, and to keep all canonical host name records (cnamerrecord) and IP records (IPRecord) occurring during the resolution process.
Preferably, the WWW domain name and the SLD domain name in the SecRank domain name ranking are selected as the key domain name list.
Preferably, the specific steps of step 2 are as follows:
step 2.1, according to the result obtained in the step 1, pre-judging the use condition of the CDN, and dividing the domain name and domain name basic data into four types of CDN service, unused CDN service, invalid data and data to be classified;
step 2.2, filtering invalid data, performing model training on the remaining three types of data, and performing the following steps:
a) Extracting data using CDN service and data not using the CDN service as a training set of a model;
b) Extracting features according to the training set to construct a feature converter;
c) Coding the training set data and the data to be classified by using a feature converter;
d) Constructing a semi-supervised learning classifier according to the coding result of the training set;
e) Classifying data to be classified by using a classifier, wherein a key concern classification result is domain name basic data using CDN service;
and 2.3, aiming at the domain name using CDN service in the data to be classified as the identification result, extracting CNAME characteristic key words of the domain name, determining a CDN manufacturer corresponding to the key words according to a search engine or WHOIS information of a CNAME recording main domain name, and supplementing the CDN manufacturer into a CNAME key word characteristic set to complete a round of CNAME characteristic key word expansion process.
Preferably, the specific steps of CNAME keyword augmented learning are as follows:
step A, pre-classifying the currently acquired domain name basic data according to CDN use conditions, and classifying the domain name basic data into four types: invalid data, data to be classified, CDN service using and CDN service data not using;
step B, taking data using CDN service and data not using CDN service as a training set, and performing feature extraction on whether CDN service classification is used or not according to HTTPHeaders data;
c, performing independent hot coding on the training set according to the features extracted in the step B, performing model training by using a semi-supervised machine learning method, constructing an HTTP feature classifier, and automatically labeling the data to be classified obtained in the step 1;
step D, using the domain name basic data using the CDN service marked in the step C as the input of CDN keyword extraction;
preferably, the semi-supervised machine learning method employs the TSVM method.
Preferably, CDN keyword extraction is to perform main domain name extraction on an input CNAME record, and then manually label the extraction result, and make a decision on the name of a service provider of the current main domain name with the help of a search engine or using WHOIS information, and supplement the name to a CDN keyword database, thereby improving CDN identification accuracy.
The method has the advantages that the method depends on DNS analysis and HTTP analysis, is oriented to the key domain name and the regional recursive DNS server, has low iteration time cost, has low requirement on machine cost, and can complete the expansion process by a single machine. In the invention, each iteration utilizes HTTP characteristics to perform secondary judgment on the relevant data of the domain name to be classified, and the CNAME characteristic set is expanded according to the judgment result, so that the pre-classification precision is gradually improved, and the aim of collecting CNAME characteristic keywords registered by a new CDN manufacturer or collecting new CNAME characteristic keywords registered by the existing CDN manufacturer is fulfilled.
Drawings
FIG. 1 is a flow chart of the CNAME keyword expansion in the invention;
FIG. 2 is a detailed flow diagram of the CDN identification scheme of the present invention;
fig. 3 is a flow chart of domain name CDN use pre-classification rules in the present invention.
Detailed Description
The present invention will be further described with reference to the following examples.
Fig. 1 to fig. 3 are embodiments of a CDN identification feature set expansion method for HTTP features, where the CDN identification feature set is mainly based on matching of CNAME features, and the method includes the following specific steps:
step 1, obtaining domain name basic data, wherein the domain name basic data comprises CNAME records, IP records, HTTP response state codes and response head dictionary contents. The method for detecting the reduction of the object is used for reducing the detected domain name basic data, and the specific flow of the method for detecting the reduction of the object is as follows:
step 1.1, according to the CDN nearby analysis principle, a regional recursive DNS server is used as an analysis center, domain name basic data is obtained facing a DNS side, a forwarding DNS server is used as a request object, and the forwarding principle is used for indirectly initiating an analysis request to the regional recursive DNS server.
Because the regional recursive DNS server generally provides resolution services only to the region, and the forwarding DNS server (hereinafter, abbreviated as DNS server) has an explicit correspondence with the recursive DNS server, the present invention uses the forwarding DNS server as a request object, and indirectly initiates a resolution request to the regional recursive DNS server by using the forwarding principle thereof.
And step 1.2, according to the service provider recommendation or other recommendation schemes, reducing forwarding DNS servers acquired in various regions across the country to meet the detection requirement of at least one DNS server in each region.
And step 1.3, according to the load balancing function principle of the CDN, the key domain name is taken as a detection target. Because the domain name using the CDN has high probability of accessing the domain name with large flow, or called key domain name.
And step 1.4, based on the HTTP related data and the CNAME characteristic data, further reducing the detection data, and reducing the hotspot domain name by taking Ping reachable as a reduction means. Since HTTP is based on TCP, the TCPPing result can also be used, or the HTTP request result can be used directly for reduction.
By requesting the forwarding DNS server recommended by each region for the important domain name, the number of DNS request packets in the real network environment can be obviously reduced, and the detection efficiency of each iteration process is improved. Meanwhile, the key domain names can be further pre-screened by carrying out service open detection on the domain name service by combining a ping or TCPPing means, so that the subsequent request amount of multi-region detection is reduced.
Further, the specific steps of obtaining the domain name basic data are as follows:
step S1 specifies a list of key domain names. When domain name sites are important (or traffic is large), CDN techniques are often used to meet service needs, reduce costs, or defend against DDOS attacks, etc. Therefore, more information of CDN service providers can be obtained by reasonably selecting the key domain name list. In the embodiment, the SecRank domain name ranking published by QiAnxin is selected as the key reference, and the WWW domain name and the SLD domain name are selected as the key domain name list, because they are websites with high probability.
And S2, analyzing the domain name website by using an HTTP (hyper text transport protocol) analyzing module, initiating a HEAD request to the domain name, and collecting response data HTTPheader and a state code Statuscode. If multi-level information is returned, only the last piece of response data and the first received status code are reserved.
And step S3, taking the domain name with the HTTP resolution result in the step S2 as an input, and performing A record resolution on the domain name by using a DNS resolution module. For any of the input domain names, all DNS servers are requested to retain all canonical host name records (cnamerrecord) and IP records (IPRecord) that occur during the resolution process. The DNS servers need to cover as many geographical locations as possible, e.g. in each province, each operator selects one DNS server.
It should be noted that, if the distributed system is used to directly perform the parsing request to the regional recursive server corresponding to the system node, the EDNS extension option needs to be closed. CDN principle of nearby analysis: under the condition of not starting the EDNS, the CDN returns a better IP record according to the position of the DNS recursive server, thereby meeting the requirement of acquiring a more comprehensive IP record set. The purpose is the same as here using a forwarding DNS server indirect request.
Step 2 provides a CNAME feature set expansion method based on HTTP. And performing secondary judgment on the relevant data of the domain name to be classified by utilizing the HTTP characteristics, and expanding a CNAME characteristic set according to a judgment result to gradually improve the pre-classification precision, thereby achieving the purpose of collecting CNAME characteristic keywords of a new CDN manufacturer or collecting new CNAME characteristic keywords registered by the existing CDN manufacturer.
For a site using CDN services, a header information dictionary of an HTTP response delivered by the CDN to an end user typically contains vendor keyword information, hit conditions, and other special fields. Therefore, the present invention uses a semi-supervised machine learning method to determine whether domain name HTTP information satisfies the use of CDN features:
step 2.1, according to the result obtained in step 1, pre-determining the use condition of the CDN, and dividing the domain name and domain name related data into four types, that is, using the CDN service, not using the CDN service, invalid data, and data to be classified (the domain name related data includes CNAME records, IP records, HTTP response status codes, and response header dictionary content).
Step 2.2, filtering invalid data, performing model training on the remaining three types of data, and performing the following steps:
a) Extracting training set using data of CDN service and unused CDN service as model
b) Feature extraction is carried out according to the training set, and a feature converter is constructed
c) Encoding training set data, and data to be classified, using a feature converter
d) Constructing a semi-supervised learning classifier according to the coding result of the training set
e) Classifying data to be classified by using a classifier, and giving a strong attention to the fact that a classification result is domain name related data using CDN service
And 2.3, aiming at the domain name using CDN service in the data to be classified as the identification result, extracting a CNAME characteristic keyword of the domain name, determining a CDN manufacturer corresponding to the keyword according to a search engine or WHOIS information of a CNAME recorded main domain name, and supplementing the CDN manufacturer into a CNAME keyword characteristic set to complete a round of keyword expansion process.
In a traditional CDN identification method based on a matching rule, characteristics such as CNAME keywords, WHOIS information, IP attribution and HTTP are mostly adopted for identification, wherein the CNAME keyword characteristics are attributes with high identification efficiency and low analysis cost. However, currently, research on a method for collecting CNAME keywords is less, and therefore, the application provides a learning method for expanding a CNAME keyword feature set by using HTTP features, and aims to perform continuous iteration on the CNAME keyword feature set at a low execution cost, supplement newly-appeared CNAME keyword features on the market, and improve CDN identification and classification accuracy (in the present invention, a pre-classification process is used to identify a domain name by using a matching rule and use a CDN service condition).
Further, the specific steps of CNAME keyword augmented learning are as follows:
step a is to perform CDN use condition pre-classification on the domain name basic data currently acquired, and the classification process is shown in fig. 3. Data can be broadly divided into four categories: the method comprises the steps of (1) invalid data, (2) data to be classified, (3) using CDN service, and (4) not using CDN service data.
The classification is conservative, and the theoretical basis is as follows: the HTTP response status code (status code) is an error code (4 XX, 5 XX) or data that fails to be resolved, and the resolved data does not contain the domain name of the CNAME record, as invalid data filtering (the CNAME expansion is based on HTTP information and CNAME information, so that data that does not contain both types of information at the same time is filtered out).
Secondly, the CNAME records data successfully matched with the keyword, as data using the CDN service. In the data of CNAME matching failure, the HTTP response status code is normal, and the IP records are analyzed frequently and are the same, and the data are used as the data which do not use CDN service. The rest data are classified as the data to be classified.
And step B, taking the data using the CDN service and the data not using the CDN service as a training set, and performing feature extraction on whether CDN service classification is used or not according to HTTPHeaders data.
The TF-IDF method is used to perform statistical ranking on the keywords and extract features that help the classification effect to be obvious (principal component analysis methods such as PCA and LDA can also be used to perform feature extraction, which are not described herein again).
And step C, performing one-hot coding on the training set according to the characteristics extracted in the step B, performing model training by using a semi-supervised machine learning method, constructing an HTTP characteristic classifier, and automatically labeling the data to be classified obtained in the step 1. The TSVM method is adopted in semi-supervised learning, the good effect is achieved on the binary problem, and the limited set labeling work can be efficiently completed.
And step D, using the domain name basic data which is marked in the step C and uses the CDN service as the input of CDN keyword extraction. CDN keyword extraction is to extract a main domain name of an input CNAME record, then manually label an extraction result, confirm a service provider name of the current main domain name by means of a search engine or by using WHOIS information, and supplement the service provider name into a CDN keyword database, so that CDN identification precision is improved.
The invention provides a CDN identification feature set expansion method which mainly depends on DNS analysis and HTTP analysis, is oriented to key domain name and regional recursive DNS servers, has low iteration time cost, has low requirement on machine cost, and can be completed by a single machine. In the invention, each iteration utilizes HTTP characteristics to perform secondary judgment on the relevant data of the domain name to be classified, and the CNAME characteristic set is expanded according to the judgment result, so that the pre-classification precision is gradually improved, and the aim of collecting CNAME characteristic keywords registered by a new CDN manufacturer or collecting new CNAME characteristic keywords registered by the existing CDN manufacturer is fulfilled.
However, the above description is only exemplary of the present invention, and the scope of the present invention should not be limited thereby, and the replacement of the equivalent components or the equivalent changes and modifications made according to the protection scope of the present invention should be covered by the claims of the present invention.
Claims (9)
1. A CDN identification feature set expansion method facing HTTP features is characterized in that the CDN identification feature set mainly takes matching of CNAME features as main steps, and the method comprises the following specific steps:
step 1, obtaining domain name basic data, and reducing the detected domain name basic data by a method for detecting object reduction, wherein the specific flow of the method for detecting object reduction is as follows:
step 1.1, according to a CDN nearby analysis principle, a regional recursive DNS server is used as an analysis center, domain name basic data is obtained facing a DNS side, a forwarding DNS server is used as a request object, and an analysis request is indirectly sent to the regional recursive DNS server by using the forwarding principle;
step 1.2, according to a service provider recommendation scheme, reducing forwarding DNS servers acquired in all regions in the country to meet the detection requirement of at least one DNS server in each region;
step 1.3, according to the load balancing function principle of the CDN, a key domain name is taken as a detection target;
step 1.4, based on HTTP relevant data and CNAME characteristic data, further reducing the detection data, and reducing the hotspot domain name by taking Ping reachable as a reduction means;
and 2, performing secondary judgment on the domain name basic data to be classified by utilizing the HTTP characteristics, and expanding a CNAME characteristic set according to a judgment result to gradually improve the pre-classification precision, thereby achieving the purpose of collecting CNAME characteristic keywords registered by a new CDN manufacturer or collecting new CNAME characteristic keywords registered by an existing CDN manufacturer.
2. The CDN feature set expansion method for HTTP feature oriented CDN of claim 1 wherein the domain name base data includes CNAME records, IP records, HTTP response status codes and response header dictionary content.
3. The CDN identification feature set expansion method for HTTP features as claimed in claim 1 wherein the specific steps to obtain domain name base data are as follows:
step S1, appointing a key domain name list;
s2, analyzing the domain name website by using an HTTP (hyper text transport protocol) analyzing module, initiating a HEAD (HEAD request) to the domain name, and collecting response data HTTPheader and a state code Statuscode;
and step S3, taking the domain name with the HTTP resolution result in the step S2 as an input, and performing A record resolution on the domain name by using a DNS resolution module.
4. The method as claimed in claim 3, wherein the step of performing a record resolution on the domain name using the DNS resolution module is to request all DNS servers for any domain name in the input domain names, and keep all canonical host name records (cnamerrecord) and IP records (IPRecord) occurring during the resolution process.
5. The CDN identification feature set expansion method for HTTP features as claimed in claim 3, wherein the WWW domain and SLD domain in SecRank domain ranking are selected as the key domain list.
6. The CDN identification feature set expansion method for HTTP features as recited in claim 1, wherein the specific steps of step 2 are as follows:
step 2.1, according to the result obtained in the step 1, pre-judging the use condition of the CDN, and dividing the domain name and domain name basic data into four types of CDN service, unused CDN service, invalid data and data to be classified;
step 2.2, filtering invalid data, performing model training on the remaining three types of data, and performing the following steps:
a) Extracting data using CDN service and data not using the CDN service as a training set of a model;
b) Extracting features according to the training set to construct a feature converter;
c) Coding the training set data and the data to be classified by using a characteristic converter;
d) Constructing a semi-supervised learning classifier according to the coding result of the training set;
e) Classifying data to be classified by using a classifier, wherein a key concern classification result is domain name basic data using CDN service;
and 2.3, aiming at the domain name using CDN service in the data to be classified as the identification result, extracting CNAME characteristic key words of the domain name, determining a CDN manufacturer corresponding to the key words according to a search engine or WHOIS information of a CNAME recording main domain name, and supplementing the CDN manufacturer into a CNAME key word characteristic set to complete a round of CNAME characteristic key word expansion process.
7. The CDN identification feature set expansion method for HTTP feature of claim 1, wherein CNAME keyword expansion learning comprises the following steps:
step A, pre-classifying the currently acquired domain name basic data according to CDN use conditions, and classifying the domain name basic data into four types: invalid data, data to be classified, CDN service using and CDN service data not used;
step B, taking data using CDN service and data not using CDN service as a training set, and performing feature extraction on whether CDN service classification is used or not according to HTTPHeaders data;
c, performing independent hot coding on the training set according to the features extracted in the step B, performing model training by using a semi-supervised machine learning method, constructing an HTTP feature classifier, and automatically labeling the data to be classified obtained in the step 1;
and D, using the domain name basic data using the CDN service marked in the step C as the input of CDN keyword extraction.
8. The CDN feature set expansion method for HTTP features of claim 7 wherein the semi-supervised machine learning method employs TSVM method.
9. The CDN identification feature set expansion method for the HTTP feature as recited in claim 7, wherein CDN keyword extraction is to extract a main domain name from an input CNAME record, and then manually label the extraction result, and supplement the name of a service provider with the current main domain name to a CDN keyword database by means of a search engine or using WHOIS information to improve CDN identification accuracy.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211150219.0A CN115563498A (en) | 2022-09-21 | 2022-09-21 | CDN recognition feature set expansion method facing HTTP feature |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211150219.0A CN115563498A (en) | 2022-09-21 | 2022-09-21 | CDN recognition feature set expansion method facing HTTP feature |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115563498A true CN115563498A (en) | 2023-01-03 |
Family
ID=84741610
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211150219.0A Pending CN115563498A (en) | 2022-09-21 | 2022-09-21 | CDN recognition feature set expansion method facing HTTP feature |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115563498A (en) |
-
2022
- 2022-09-21 CN CN202211150219.0A patent/CN115563498A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6741990B2 (en) | System and method for efficient and adaptive web accesses filtering | |
| CN109905288B (en) | Application service classification method and device | |
| US20100217842A1 (en) | Registration and use of patterns defined by expressions as domain names | |
| KR101223931B1 (en) | Method for real-time detecting anomalies using dns packet | |
| CN103188104A (en) | Method and device for analyzing user behaviors | |
| EP3398311B1 (en) | Method and system for preserving privacy in an http communication between a client and a server | |
| CN104639391A (en) | Method for generating network flow record and corresponding flow detection equipment | |
| CN109768992A (en) | Webpage malicious scanning processing method and device, terminal device, readable storage medium storing program for executing | |
| CN112333185B (en) | Domain name shadow detection method and device based on DNS (Domain name Server) resolution | |
| CN114328962A (en) | Method for identifying abnormal behavior of web log based on knowledge graph | |
| EP3972315A1 (en) | Network device identification | |
| RU2005120234A (en) | SYSTEM AND METHOD FOR RESOLUTION OF NAMES | |
| CN113438332B (en) | DoH service identification method and device | |
| CN109995885B (en) | Domain name space structure presentation method, device, equipment and medium | |
| CN115563498A (en) | CDN recognition feature set expansion method facing HTTP feature | |
| CN108600054B (en) | Method and system for judging number of websites based on domain name area files | |
| CN113766046B (en) | Iterative traffic tracking method, DNS server and computer readable storage medium | |
| KR102127272B1 (en) | Automation of sql tuning method and system using statistic sql pattern analysis | |
| CN114969450B (en) | User behavior analysis method, device, equipment and storage medium | |
| CN115412306A (en) | Domain name homology judgment method and device, electronic equipment and storage medium | |
| CN110912749A (en) | Method for predicting DNS data | |
| CN114978740A (en) | Block chain-based identification association and verification analysis method | |
| JP6170001B2 (en) | Communication service classification device, method and program | |
| CN114051014B (en) | Method and system for realizing billion-level URL (Uniform resource locator) identification and classification based on DNS (domain name system) drainage | |
| CN111510512A (en) | Method for quickly acquiring all IP of domain name |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |