Survey on Domain Name Abuse Detection Technology

Cited by: 7


Authors: Fan Zhaoshan; Wang Qing; Liu Junrong[1]; Cui Zelin; Liu Yuling; Liu Song[1]

Affiliations: [1] Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; [2] School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049

Source: Journal of Computer Research and Development (《计算机研究与发展》), 2022, No. 11, pp. 2581-2605 (25 pages)

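Funding: National Key Research and Development Program of China (2021YFF0307203, 2019QY1300, 2018YFB0803602); Youth Innovation Promotion Association of the Chinese Academy of Sciences (2021156); Strategic Priority Research Program of the Chinese Academy of Sciences (Category C) (XDC02040100); National Natural Science Foundation of China, Young Scientists Fund (61802404); supported by the Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences; supported by the Beijing Key Laboratory of Network Security and Protection Technology.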

Abstract: The domain name system (DNS) is one of the most critical components of the global Internet infrastructure in the network and information age. But it is also being abused by various types of cyber attacks, such as botnet command and control, spam delivery, and phishing, which are emerging as the most serious threat against cyber-security. The existing domain name abuse detection technologies are comprehensively reviewed from the perspective of typical detection scenarios. First, the background knowledge of domain name abuse detection is introduced. By investigating the existing domain name abuse detection schemes, a taxonomy of detection scenarios is put forward, and the typical features and detection methods are summarized. Second, the evolution of attack and defense technologies for domain name abuse is elaborated for each of five typical detection scenarios: malware, phishing, cybersquatting, spam, and unrestricted abuse behavior. Furthermore, a comprehensive summary of domain name abuse detection work is given from multiple dimensions such as technical solutions, typical features, and detection algorithms, and a systematic overview of existing domain name abuse detection methods is conducted. Finally, the challenges faced by domain name abuse detection technology and future research directions are discussed, with a view to further improving the ecological environment of the domain name system.

Keywords: domain name system; domain name abuse; malware; phishing; cybersquatting; spam

Classification number: TP391 [Automation and Computer Technology: Computer Application Technology]

 
