Acta Electronica Sinica, 2017, Vol. 45, Issue 11: 2705-2714, 10. DOI: 10.3969/j.issn.0372-2112.2017.11.018
A DNS Architecture Based on Mimic Security Defense
Abstract
A simple and practical approach to safeguarding the Domain Name System (DNS) is urgently needed, because attacks on DNS (such as DNS cache poisoning) are increasing and deploying Domain Name System Security Extensions (DNSSEC) on a large scale raises various problems. In this paper, we present Mimic DNS (M-DNS), a nonintrusive, tolerant and proactive security architecture, to address this. M-DNS comprises a scheduler and a server pool consisting of several heterogeneous DNS servers. The scheduler dynamically schedules the DNS servers to handle requests in parallel and adopts the result voted for by the majority of the servers to determine valid responses. Simulation results demonstrate that, compared with current traditional frameworks, M-DNS reduces the probability of a cache poisoning attack by approximately 10 orders of magnitude.
Keywords
DNS / DNS cache poisoning attack / mimic security defense / dynamic heterogeneous redundancy
Classification
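Information Technology and Security Science
Cite this article
WANG Zhenpeng, HU Hongchao, CHENG Guozhen. A DNS Architecture Based on Mimic Security Defense [J]. Acta Electronica Sinica, 2017, 45(11): 2705-2714, 10.
Funding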
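National Natural Science Foundation of China, Youth Fund (No. 61309020, No. 61602509)
National Natural Science Foundation of China, Innovative Research Groups Project (No. 61521003)
National Key Research and Development Program of China (Research on Cyberspace Mimic Defense Technology Mechanisms) (No. 2016YFB0800100, No. 2016YFB0800101)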