面向域名解析系统的知识图谱构建与应用方法  被引量：6

作　　者：胡昌秀 张仰森[1] 刘洋[2] 陈祥 辛永辉 HU Chang-xiu;ZHANG Yang-sen;LIU Yang;CHEN Xiang;XIN Yong-hui(Institute of Intelligent Information,Beijing Information Science&Technology University,Beijing 100101,China;National Computer Network Emergency Technology Handling Coordination Center,Beijing 100029,China)

机构地区：[1]北京信息科技大学智能信息处理研究所,北京100101 [2]国家计算机网络应急技术处理协调中心,北京100029

出　　处：《科学技术与工程》2023年第23期9979-9990,共12页Science Technology and Engineering

基　　金：国家自然科学基金(61772081,62176023);科技创新服务能力建设-科研基地建设-北京实验室-国家经济安全预警工程北京实验室项目(PXM2018_014224_000010)。

摘　　要：为提高网络域名系统(domain name system,DNS)服务器日志分析能力,综合多种技术提出了构建面向域名解析系统的知识图谱。首先,应用域名解析、权威域名服务器、别名解析、自治系统等基本原理设计了基于aiohttp和dig技术相结合的数据采集方案,构建了相应的领域知识库;其次基于该知识库设计和构建了面向域名解析系统的知识图谱,其节点规模达近500万;然后应用该知识图谱解决web日志中异常访问行为识别效果差的实际问题。以某国家网络信息安全科研机构的网络服务器日志为研究对象,对比是否采用知识图谱进行实验:在爬虫行为、域名暴力解析行为、DNS重复解析行为的识别实验中,F1值分别提高了14.88%、47.23%和91.63%。结果表明,该知识图谱能够有效提高web日志中异常行为识别率。In order to improve the ability of network DNS server log analysis,the knowledge graph for domain name system was pro-posed and conducted combining a variety of technologies.Firstly,based on some basic principles of domain name resolution,authorita-tive domain name server,alias resolution,autonomous system,etc.,the data collection scheme based on the combination of aiohttp and dig technology was designed,and a corresponding domain knowledge base was built.Secondly,based on this knowledge base,a knowledge graph for domain name system was designed and constructed,with a node size of nearly 5 million.Then the knowledge graph was applied to solve the practical problem of poor recognition effect of abnormal access behavior in Web logs.Whether to use knowledge graph for experiments was compared by taking the web server logs of a national network information security research institution as the research object:in the identification experiments of crawler behavior,domain name violent resolution behavior,and DNS repeated reso-lution behavior,the F1 value increased by 14.88%,47.23%and 91.63%.The results show that the knowledge graph can effectively improve the recognition rate of abnormal behaviors in web logs.

关 键 词：知识图谱 日志分析 异常访问行为识别 域名解析系统 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]