递归侧DNS安全研究与分析  被引量：2

作　　者：张宾 张宇 张伟哲[1,2] ZHANG Bin;ZHANG Yu;ZHANG Wei-Zhe(Pengcheng Laboratory,Shenzhen 518055,China;School of Cyberspace Science,Harbin Institute of Technology,Harbin 150001,China)

机构地区：[1]鹏城实验室,广东深圳518055 [2]哈尔滨工业大学网络空间安全学院,黑龙江哈尔滨150001

出　　处：《软件学报》2024年第10期4876-4911,共36页Journal of Software

基　　金：鹏城实验室重大攻关项目(PCL2023AS4-1);国家自然科学基金青年科学基金(62102202);广东省重点领域研发计划(2020B0101360001);广东省基础与应用基础研究重大项目(2019B030302002)。

摘　　要：因特网用户在访问网络应用前都需要通过DNS进行解析,DNS安全是保障网络正常运行的第1道门户,如果DNS的安全不能得到有效保证,即使网络其他系统安全防护措施级别再高,攻击者也可以通过攻击DNS系统使网络无法正常使用.目前DNS恶性事件仍有上升趋势,DNS攻击检测和防御技术的发展仍不能满足现实需求.从直接服务用户DNS请求的递归解析服务器视角出发,将DNS安全事件通过两种分类方法,全面梳理和总结DNS工作过程中面临的安全问题,包括由攻击或系统漏洞等引起各类安全事件,各类安全事件的具体检测方法,各类防御保护技术.在对各类安全事件、检测和防御保护技术总结的过程中,对相应典型方法的特点进行分析和对比,并对未来DNS安全领域的研究方向进行展望.Internet users need to resolve through DNS before accessing network applications.DNS security is the first portal to ensure the normal operation of the network.If the security of DNS cannot be effectively guaranteed,even if the level of security protection measures of other network systems is high,attackers can attack the DNS system to make the network unusable.At present,DNS malignant events still have an upward trend,and the development of DNS attack detection and defense technology still cannot meet practical needs.From the perspective of recursive servers that directly serve users’DNS requests,this study comprehensively summarizes the security problems faced in the DNS process through two classification methods,including various security events caused by attacks or system vulnerabilities,different detection methods for various security events,and various defense and protection technologies.When summarizing various security events,detection and defense protection technologies,the study analyzes the characteristics of the corresponding typical methods and prospects for the future research direction of the DNS security field.

关 键 词：域名系统(DNS) 域名系统安全 攻击检测 系统防御 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]