Chinese Journal of Network and Information Security, 2025, Vol. 11, Issue (6): 92-104, 13. DOI: 10.11959/j.issn.2096-109x.2025067
DNS anomaly detection: a large-scale experimental analysis
Anomaly detection in DNS: an empirical study
Abstract
The domain name system (DNS) is a critical infrastructure that enables connectivity on the internet. The security of the DNS is vital to the internet's ability to provide services and is closely tied to people's daily work and lives. Three DNS server attack scenarios are designed, and data is collected to build both active and passive DNS datasets for attack detection, anomaly detection and prediction in these scenarios. Through experimental comparisons, the applicability of up to 15 algorithms, including both machine learning and deep learning algorithms (especially time-series detection algorithms tailored to the continuous service characteristics of DNS), is validated across various attack and anomaly scenarios. The best algorithm models are presented, providing a diverse set of model choices for DNS system security situational awareness and defense.
Keywords
domain name system / anomaly detection / machine learning / deep learning
Classification
Information technology and security science
Cite this article
HOU Ronghao, HE Ming, KONG Kaichuan, CHEN Yong, ZUO Peng. DNS anomaly detection: a large-scale experimental analysis [J]. Chinese Journal of Network and Information Security, 2025, 11(6): 92-104, 13.
Funding
MIIT Project: Industrial Internet Identification Resolution System Security Monitoring and Protection (TC220H078)
The Natural Science Foundation of Guangdong Province (2021A1515011314)