Computer Engineering, 2013, Vol. 39, Issue (1): 12-17, 6. DOI: 10.3969/j.issn.1000-3428.2013.01.003
Research on Defense Strategy of Kaminsky DNS Cache Poisoning
Abstract
Current caching Domain Name System (DNS) servers cannot resist continuous Kaminsky DNS cache poisoning, so this paper proposes a defense strategy based on checking response packets. Probability theory is used to analyze the relation between the success probability and the duration of poisoning, which demonstrates the harm of continuous Kaminsky poisoning. Building on existing defenses, packet checking suppresses the accumulation of success probability over time, so it can be used to defend against continuous Kaminsky poisoning. A simulation experiment is conducted with the probabilistic model checking tool PRISM, and its results show that the strategy makes a poisoning attack over 3 600 times more difficult than it is now.
Keywords
Kaminsky Domain Name System (DNS) / DNS cache poisoning / probability analysis / packet checking / defense strategy / model checking
Classification
Information Technology and Security Science
Cite this article
XU Chengxi, HU Ronggui, SHI Fan, ZHANG Yanqing. Research on Defense Strategy of Kaminsky DNS Cache Poisoning [J]. Computer Engineering, 2013, 39(1): 12-17, 6.