KR101662530B1 - System for detecting and blocking host access to the malicious domain, and method thereof - Google Patents
- Publication number
- KR101662530B1
- Authority
- KR
- South Korea
- Prior art keywords
- malicious domain
- malicious
- information
- dns
- domain
Classifications
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1458—Denial of Service
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L2463/142—Denial of service attacks against network infrastructure
Abstract
Description
The present invention relates to a system and method for detecting and blocking a host's access to malicious domains, and more particularly to a system and method capable of detecting, blocking and protecting against cyber threats in advance.
When an attack using multiple computers, such as a DoS or DDoS attack, occurs while security control is being performed in a network environment, it affects the periodical service of the national institution and causes additional damage such as paralysis of important services and a decrease in external credibility.
The most common method used when a large number of infected PCs access a malicious server, including a rapidly changing one, or leak internal information is access using a specific domain name. From the viewpoint of security control, real-time detection and analysis of such access traffic is therefore important.
Although many methods have been proposed to detect and respond to such large-scale infected PCs and rapidly changing attacks, various countermeasures exist in different stages of attack and malicious behavior, and they are difficult to apply and are not a fundamental solution.
In particular, most existing security countermeasures do not provide a fundamental solution because they respond after a security event has occurred or apply countermeasures based on known patterns. It is therefore important to block access to external hosts (C&C servers) related to malicious activity in advance, so that attacks using large numbers of infected PCs or connections to malicious hosts are prevented. In general, external hosts associated with malicious behavior are reached primarily through domain names. From this point of view, large-scale damage can be prevented if domain-based access to malicious hosts can be detected and blocked in advance, and doing so can be expected to be considerably more effective than responding after the fact.
Existing malicious domain access detection systems mostly use packet detection with an IDS (Intrusion Detection System) sensor or a DNS sinkhole. These methods use malicious domain patterns to detect access behavior, or block access to a known malicious domain or a domain determined to be harmful.
These existing methods are only temporary countermeasures and do not provide a fundamental solution for identifying in real time, and blocking at the source, the hosts that access malicious domains. In addition, if the pattern of accessing a malicious domain and performing a malicious action is not known, an existing IDS cannot detect it and cannot identify the suspected infected internal host.
In particular, introducing a separate hardware device, as has been done recently, has the disadvantage that it is difficult to apply immediately because it requires changes to the institution's DNS or network and to the underlying systems.
Prior art related to the present invention is disclosed in Korean Patent Publication No. 2012-0092286 (Botnet detection method and system using domain name service query data), Korean Patent No. 1271449 (A method, a server and a recording medium for providing a malicious traffic control and information leakage detection service based on forced DNS bypassing), and the Journal of the Korean Information and Communications Society (Detection of cyber threat domain based on DNS traffic, Lim Sun Hee, Vol 37B No 11, pp 1082, 2012.11).
The present invention has been proposed to solve the above-mentioned problems of the prior art. Given that a host infected by DDoS malware or large-scale malicious code accesses a C&C server and receives instructions, its object is to provide a malicious domain access detection and blocking system and method for a host that detect and block an infected host so that the malicious code can be removed and damage minimized.
According to another aspect of the present invention, there is provided a malicious domain access detection and blocking method for a host, comprising: a malicious domain tracking unit tracking malicious domains in real time; a malicious domain management and distribution unit receiving the information on the tracked malicious domains and distributing it to the institutional DNS and the malicious domain query authority delegation unit; the institutional DNS and the malicious domain query authority delegation unit updating malicious domain information based on the distributed information; and the malicious domain query authority delegation unit responding to a malicious domain query of an institution host, delegated from the institutional DNS, by referring to the information of the malicious domain zone file for the updated malicious domain and transmitting an IP for the malicious domain to the institution host via the institutional DNS.
The updating of the malicious domain information may update the DNS configuration file.
Updating the DNS configuration file includes: the malicious domain query authority delegation unit generating a malicious domain zone file for the updated malicious domain upon receiving the malicious domain information to be updated from the institutional DNS; the malicious domain query authority delegation unit sending the generated malicious domain zone file to the institutional DNS; and the institutional DNS adding the malicious domain zone file to the DNS configuration file.
The step of generating the malicious domain zone file may include: obtaining the IP address of the malicious domain access inducement unit; setting the obtained IP of the malicious domain access inducement unit as the malicious domain IP; and setting the malicious domain IP as information of the malicious domain zone file.
In the step of transmitting the IP for the malicious domain to the institution host via the institutional DNS, the TTL of the zone file for the updated malicious domain may be set to "0".
The IP for the malicious domain may be the IP of the malicious domain access inducement unit.
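The zone-file steps above (obtain the inducement unit's IP, set it as the malicious domain's IP, use TTL "0", add the zone to the DNS configuration), sketched as an added example that is not part of the patent. It assumes a BIND-style zone file and `named.conf` syntax, which the patent does not name; the name-server names, the `/etc/named/sinkhole` directory, the wildcard record and the sample domains and address are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen; 1-63 chars.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Hypothetical names for this example (not from the patent).
SINKHOLE_NS = "ns.sinkhole.invalid."
SINKHOLE_CONTACT = "hostmaster.sinkhole.invalid."


def normalize_domain(name):
    """Lower-case and validate a feed entry so it cannot inject zone or config syntax."""
    name = name.strip().rstrip(".").lower()
    labels = name.split(".")
    # fullmatch (not match with "$") so a label with an embedded newline is rejected.
    if len(name) > 253 or len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"rejected domain: {name!r}")
    return name


def build_zone_file(domain, inducement_ip, serial):
    """Zone file answering every name in `domain` with the inducement unit's IP, TTL 0."""
    domain = normalize_domain(domain)
    # IPv4 only in this example; raises ValueError on a malformed address.
    ip = ipaddress.IPv4Address(inducement_ip)
    return "\n".join([
        f"$ORIGIN {domain}.",
        "$TTL 0  ; TTL 0 as the patent specifies: answers are not cached",
        f"@ IN SOA {SINKHOLE_NS} {SINKHOLE_CONTACT} ({serial} 3600 600 86400 0)",
        f"@ IN NS {SINKHOLE_NS}",
        f"@ IN A {ip}",
        f"* IN A {ip}  ; assumption: subdomains are redirected as well",
        "",
    ])


def build_zone_stanza(domain, zone_dir="/etc/named/sinkhole"):
    """Config entry (BIND syntax, assumed) that adds the zone to the DNS configuration file."""
    domain = normalize_domain(domain)
    return f'zone "{domain}" {{ type master; file "{zone_dir}/{domain}.zone"; }};\n'


def render_sinkhole(domains, inducement_ip, serial):
    """Return ({domain: zone file text}, config text, rejected feed entries)."""
    names, rejected = set(), []
    for raw in domains:
        try:
            names.add(normalize_domain(raw))  # the set removes duplicate feed entries
        except ValueError:
            rejected.append(raw)
    zones = {d: build_zone_file(d, inducement_ip, serial) for d in sorted(names)}
    config = "".join(build_zone_stanza(d) for d in zones)
    return zones, config, rejected


if __name__ == "__main__":
    # Constructed feed: two valid domains (one duplicated) and two malformed entries.
    feed = ["Bad-Example.test.", "c2.example.invalid", 'bad"name.test',
            "a\nb.test", "bad-example.test"]
    zones, config, rejected = render_sinkhole(feed, "192.0.2.10", 2015052801)
    print(config)
    print(zones["bad-example.test"])
    print("rejected:", rejected)
```

A TTL of 0 tells resolvers not to cache the answer, so repeated lookups keep reaching the institutional DNS where they can be logged; some stub resolvers and forwarders enforce a minimum TTL, so verify this on the deployed resolver path.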
The method may further include the malicious domain access information collection unit collecting the access log and malicious domain access packet information of an institution host accessing the malicious domain.
The access log may include log information according to the malicious domain query, and the malicious domain access packet information may include transmission/reception packet information between the institution host and the malicious domain access inducement unit.
The method may further include storing the collected access log and malicious domain access packet information in the database unit after collecting the access log and the malicious domain access packet information of the institution host accessing the malicious domain.
A host malicious domain access detection and blocking apparatus according to a preferred embodiment of the present invention includes: a malicious domain tracking unit for tracking malicious domains in real time; a malicious domain management and distribution unit for receiving the tracked malicious domain information and distributing it to the institutional DNS and the malicious domain query authority delegation unit; and the malicious domain query authority delegation unit, which updates malicious domain information based on the distributed information, responds to a malicious domain query of an institution host delegated from the institutional DNS, and, referring to the information of the malicious domain zone file for the updated malicious domain, transmits the IP for the malicious domain to the institution host through the institutional DNS.
The malicious domain query authority delegation unit may update the DNS configuration file in association with the institutional DNS in updating the malicious domain information.
The malicious domain query authority delegation unit generates a malicious domain zone file for the updated malicious domain upon receiving the malicious domain information to be updated from the institutional DNS and sends it to the institutional DNS, and the institutional DNS can update the DNS configuration file by adding the received malicious domain zone file to it.
The malicious domain query authority delegation unit can generate the malicious domain zone file by obtaining the IP of the malicious domain access inducement unit, setting the obtained IP as the malicious domain IP, and including the set malicious domain IP as information of the malicious domain zone file.
The apparatus may further include a malicious domain access information collection unit for collecting the access log and malicious domain access packet information of an institution host accessing the malicious domain.
The malicious domain access information collection unit may store the collected access log and malicious domain access packet information in a database unit.
When the institutional DNS receives a malicious domain query from the institution host, the institutional DNS can collect query packets including a malicious domain query host IP, a query target malicious domain name, and a query time, and transmit the query packet to the malicious domain management and distribution unit.
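How the query records described above (querying host IP, queried malicious domain name, query time) can be turned into a list of suspected hosts, as an added example that is not part of the patent. The log line format, the blocklist entries and the addresses are constructed; the patent does not define a record format.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed blocklist and query records.
# Assumed record format: "<ISO-8601 UTC time> <host IP> <queried name>".
BLOCKLIST = {"bad-example.test", "c2.example.invalid"}
SAMPLE_LOG = """\
2015-05-28T09:00:01Z 10.0.0.23 update.bad-example.test.
2015-05-28T09:00:02Z 10.0.0.40 www.example.org
2015-05-28T09:00:31Z 10.0.0.23 update.bad-example.test
2015-05-28T09:01:10Z 10.0.0.23 C2.Example.Invalid
2015-05-28T09:02:00Z 10.0.0.57 notbad-example.test
2015-05-28T09:03:15Z 10.0.0.57 c2.example.invalid
malformed line
"""


def matched_domain(qname, blocklist):
    """Return the blocklisted domain that qname equals or is a subdomain of, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare whole-label suffixes so "notbad-example.test" does not match
    # "bad-example.test" the way a plain string endswith() check would.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def summarize_hosts(log_text, blocklist):
    """Aggregate malicious-domain queries per institution host, most suspicious first."""
    hosts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records instead of failing the whole run
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            host = str(ipaddress.ip_address(parts[1]))
        except ValueError:
            continue
        hit = matched_domain(parts[2], blocklist)
        if hit is None:
            continue
        rec = hosts.setdefault(host, {"queries": 0, "domains": set(), "first": when, "last": when})
        rec["queries"] += 1
        rec["domains"].add(hit)
        rec["first"] = min(rec["first"], when)
        rec["last"] = max(rec["last"], when)
    # Rank by number of distinct malicious domains, then by query volume, then by address.
    return sorted(hosts.items(), key=lambda kv: (-len(kv[1]["domains"]), -kv[1]["queries"], kv[0]))


if __name__ == "__main__":
    for host, rec in summarize_hosts(SAMPLE_LOG, BLOCKLIST):
        print(host, rec["queries"], sorted(rec["domains"]),
              rec["first"].isoformat(), rec["last"].isoformat())
```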
According to the present invention having such a configuration, attempts to connect from an institution host to an external malicious domain are essentially blocked. Malicious activities that attempt to connect to an external malicious domain include downloading and installing malicious code and leaking important internal data, and the present invention blocks attempts at such malicious activity.
In addition, information on hosts suspected of being infected by a malicious file or hacked can be acquired directly so that countermeasures can be taken.
If the malicious domain information is known but information on the transmission/reception packet pattern is insufficient, additional information can be collected to obtain important information applicable to the information protection system in operation.
The biggest advantage of the present invention is that a software agent is installed on the DNS server already in operation and the external interworking system can be added immediately, without changing the DNS structure and network structure used in the existing institution. That is, the present invention can identify malicious domain access using the institutional DNS without changing the network installed in the existing institution.
The present invention can be applied to a system for detecting traffic that accesses a specific domain in order to attack a large-scale network using a malicious domain or to leak internal information to the outside.
The system of the present invention can be utilized to identify a user host that is highly likely to be infected with a malicious program within an installed organization.
In addition, the present invention minimizes damage to an institution by allowing the institution's security officer to redirect malicious domain access to an intended network and/or host, thereby blocking it.
Malicious behavior can also be monitored by directing network access attempts aimed at malicious domains to a controlled network and/or host. That is, by inducing the traffic of an infected host to an access-inducing network (host) intended by the security administrator, the present invention collects data that can serve as the basis for monitoring the detailed activity of an infectious agent such as malicious code.
In particular, the system of the present invention can be applied to an actual network without a large change of a specific network. Also, by applying the result generated by the system of the present invention to the existing security control system, it is possible to increase the scan rate of the existing security control system.
FIG. 1 is a diagram illustrating a configuration and a schematic operation flow of a malicious domain access detection and blocking system of a host according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a malicious domain access detection and blocking method of a host according to an embodiment of the present invention.
FIGS. 3 to 6 are flowcharts for explaining the malicious domain zone file and the DNS configuration file for malicious domain query response shown in FIG. 2 in detail.
FIG. 7 is a flowchart illustrating details of a step of collecting access information of a host accessing the malicious domain shown in FIG. 2.
While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail.
It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprises" or "having" and the like are used to specify that there is a feature, a number, a step, an operation, an element, a component or a combination thereof described in the specification, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.
Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with the meaning in the context of the relevant art and are not to be interpreted in an ideal or overly formal sense unless explicitly defined in the present application.
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In order to facilitate the understanding of the present invention, the same reference numerals are used for the same constituent elements in the drawings and redundant explanations for the same constituent elements are omitted.
The present invention provides a method for identifying a host suspected of being infected with a malicious code and preventing an access to a malicious domain in advance. In addition, the present invention provides a method for identifying and blocking a host attempting to access a malicious domain by a software method or to leak internal information to the outside without greatly changing a DNS system or network configuration used in an existing institution. In addition, the present invention quickly collects malicious domain information in real time through the malicious domain tracking unit for rapid malicious domain information management, and enables malicious domain access detection and blocking activities in the organization to reflect the latest information. In particular, the present invention provides a software-based method for providing an ability to change an access network as intended to obtain institutional affiliation information, host information, and additional information for a host to access according to the intention of a security administrator.
FIG. 1 is a diagram illustrating a configuration and a schematic operation flow of a malicious domain access detection and blocking system of a host according to an embodiment of the present invention.
The host malicious domain access detection and blocking system according to the embodiment of the present invention includes a malicious
The malicious
The malicious
The malicious domain management and
In addition, the malicious domain management and
Also, the malicious domain management and
The
The agent unit (not shown) installed in the
When the malicious domain query is received from the
The malicious domain
In addition, the malicious domain query
The malicious domain access
FIG. 2 is a flowchart for explaining a malicious domain access detection and blocking method of a host according to an embodiment of the present invention. FIGS. 3 to 6 illustrate a DNS setting file for malicious domain query response shown in FIG. 2. FIG. 7 is a flowchart for describing in detail the step of collecting access information of a host accessing the malicious domain shown in FIG. 2.
In the present invention, the following operations are roughly performed in order to identify a host of an institution performing malicious domain access and block access.
The malicious
The malicious domain management and
Accordingly, the agent unit installed in the
In step S40 of FIG. 2, the
The content of the malicious domain query and connection attempt packet generated in the internal host in the host can be detected and bypassed to the malicious domain
2, step S50 collects and analyzes access information (e.g., access log and malicious domain access packet information) of an institution host accessing a malicious domain. That is, when a malicious domain query is generated in the
Thereafter, the
The
The collection of the access log performed in the step S50 may include a query of the malicious domain, a process in which the inquired malicious domain is converted into IP, and a process in which the infected system accesses the malicious domain in the malicious domain
In the past, there were methods such as a DNS sinkhole, which identifies malicious domains and induces access to them into a sinkhole, and an IDS, which applies detection rules based on the malicious behavior performed after connecting to a malicious domain. However, these have the disadvantage that detection rules cannot be applied if there is no known pattern, and that the infected internal host is not identified. In addition, because they do not consider interworking with an automated method such as real-time malicious domain tracking, it is difficult to block malicious domains. According to the present invention described above, by contrast, malicious domain access is blocked in advance to prevent leakage of internal information and malicious acts. The invention also collects detection patterns for unknown malicious activity, identifies infected internal hosts, and collects information that can be used to remove the malicious programs installed on infected internal hosts and to recover them.
As described above, an optimal embodiment has been disclosed in the drawings and specification. Although specific terms have been employed herein, they are used for purposes of illustration only and are not intended to limit the scope of the invention as defined in the claims. Therefore, those skilled in the art will appreciate that various modifications and equivalent embodiments are possible without departing from the scope of the present invention. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.
10: malicious domain tracking unit 20: malicious domain management and distribution unit
30: Database part 40: Malicious domain query authority
50: malicious domain access information collection unit 60: malicious domain access guidance unit
70: Agency Host 80: Agency DNS
90: Switch
Claims (19)
The malicious domain management and distribution unit receiving the information on the tracked malicious domain and distributing the information to the institutional DNS and the malicious domain query authority delegation unit;
The institutional DNS and the malicious domain query authority delegation unit updating malicious domain information based on the information of the malicious domain being distributed;
The malicious domain query authority delegation unit responding to a malicious domain query of an institution host delegated from the institutional DNS, referring to the information of the malicious domain zone file for the updated malicious domain, and sending an IP for the malicious domain to the institution host via the institutional DNS; and
The malicious domain access information collection unit collecting the access log and the malicious domain access packet information of the institution host accessing the malicious domain,
wherein the TTL of the zone file for the updated malicious domain is set to "0".
Wherein the step of updating information of the malicious domain updates the DNS configuration file.
The update of the DNS configuration file may be performed,
Generating a malicious domain zone file for the updated malicious domain according to the malicious domain query authority delegation unit receiving malicious domain information to be updated from the institutional DNS;
The malicious domain query authority delegation unit sending the generated malicious domain zone file to the institution DNS; And
And the institutional DNS adding the received malicious domain zone file to the DNS configuration file.
The step of generating the malicious domain zone file includes:
Obtaining an IP of the malicious domain access inducement unit;
Setting an IP of the obtained malicious domain access inducement unit to a malicious domain IP; And
And storing the malicious domain IP as information of the malicious domain zone file.
Wherein the access log includes log information according to the malicious domain query,
Wherein the malicious domain access packet information includes transmission / reception packet information between the institution host and the malicious domain access inducement unit.
After collecting the access log and the malicious domain access packet information of the institution host accessing the malicious domain,
And storing the collected access log and malicious domain access packet information in a database unit.
A malicious domain management and distribution unit for receiving the tracked malicious domain information and distributing the information to the institutional DNS and the malicious domain query authority delegation unit;
A malicious domain query authority delegation unit for updating the malicious domain information based on the information of the malicious domain being distributed, responding to a malicious domain query of an institution host delegated from the institutional DNS, and, referring to the information of the malicious domain zone file for the updated malicious domain, transmitting an IP address of the malicious domain, set to the IP address of a malicious domain access inducement unit, to the institution host via the institutional DNS; and
A malicious domain access information collection unit for collecting the access log and malicious domain access packet information of an institution host accessing the malicious domain,
wherein the TTL of the zone file for the updated malicious domain is set to "0".
Wherein the malicious domain query authority delegation unit updates the DNS configuration file in association with the institutional DNS in updating the malicious domain information.
The malicious domain query authority delegation unit generates a malicious domain zone file for the updated malicious domain according to receiving the malicious domain information to be updated from the institution DNS,
Wherein the institutional DNS updates the DNS configuration file by adding the received malicious domain zone file to the DNS configuration file.
Wherein the malicious domain query authority delegation unit generates the malicious domain zone file by obtaining the IP of the malicious domain access inducement unit, setting the obtained IP of the malicious domain access inducement unit as the malicious domain IP, and including the set malicious domain IP as information of the malicious domain zone file.
Wherein the access log includes log information according to the malicious domain query,
Wherein the malicious domain access packet information includes transmission / reception packet information between the institution host and the malicious domain access inducement unit.
Wherein the malicious domain access information collection unit stores the collected access log and malicious domain access packet information in a database unit.
Wherein the institutional DNS collects query packets including a malicious domain query host IP, a query target malicious domain name, and a query time when receiving the malicious domain query from the institution host, and transmits the query packet to the malicious domain management and distribution unit Host malicious domain access detection and blocking device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150074619A KR101662530B1 (en) | 2015-05-28 | 2015-05-28 | System for detecting and blocking host access to the malicious domain, and method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101662530B1 (en) | 2016-10-05 |
Family
ID=57153919
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101662530B1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102015897B1 (en) * | 2018-10-24 | 2019-08-28 | (주) 세인트 시큐리티 | Method for Inducing Network Connection Which Generating Fake Ack Packet for Analyzing Malware |
CN111935099A (en) * | 2020-07-16 | 2020-11-13 | 兰州理工大学 | Malicious domain name detection method based on deep noise reduction self-coding network |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100418446B1 (en) * | 2001-03-20 | 2004-02-14 | (주) 세이프아이 | Method and system for restricting access to specific internet sites and LAN card for the same |
KR20130014300A (en) * | 2011-07-29 | 2013-02-07 | 한국전자통신연구원 | Cyber threat prior prediction apparatus and method |
KR20140127549A (en) * | 2013-04-25 | 2014-11-04 | 한국인터넷진흥원 | System and method for tracking exploit hopping sites based on sinkhole server |
-
2015
- 2015-05-28 KR KR1020150074619A patent/KR101662530B1/en active IP Right Grant
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment |
Payment date: 20190701 Year of fee payment: 4 |