高技术通讯, 2016, Vol. 26, Issue (10): 849-856, 8. DOI: 10.3772/j.issn.1002-0470.2016.10-11.004
An algorithm for detection of source IP anomalies in DNS query based on relative density
Abstract
This study addresses anomaly detection for the domain name system (DNS). Building on an investigation of relative-density-based outlier detection, it proposes an algorithm for detecting source IP anomalies in DNS query data streams. The algorithm calculates the relative density of each source IP and uses the inverse of that density as the IP's anomaly value. When calculating the relative density, each source IP is represented by nine dimensions, including the number of queries, the entropy of the source port, and the proportion of queries for illegal domain names. The experimental results show that the proposed algorithm assigns each source IP an anomaly value that accurately reflects how abnormal that source IP is.
Key words
domain name systems (DNS)/relative density/outlier/anomaly detection
Cite this article
王靖云, 史建焘, 张兆心, 沈英洪. An algorithm for detection of source IP anomalies in DNS query based on relative density [J]. 高技术通讯, 2016, 26(10): 849-856, 8.
Funding
Supported by the National Key Technology R&D Program (2012BAH45B01), the National Natural Science Foundation of China (61100189, 61370215, 61370211), and the National Information Security Program (2014A085, 2015A072).