防护性DNS服务关键技术研究综述  

作　　者：马永征[1] 李洪涛[1] 马中胜 胡卫宏 张中献 MA Yongzheng;LI Hongtao;MA Zhongsheng;HU Weihong;ZHANG Zhongxian(China Internet Network Information Center,Beijing 100190,China)

机构地区：[1]中国互联网络信息中心,北京100190

出　　处：《网络与信息安全学报》2024年第5期39-55,共17页Chinese Journal of Network and Information Security

基　　金：国家重点研发计划(2022YFB3105000)。

摘　　要：域名系统(domain name system,DNS)作为互联网资源的名字标识服务,提供了从域名到IP地址的查询转换功能,是用户访问互联网应用的入口,也是用户侧安全威胁感知与防御的关键点。用户侧常见的DNS滥用及相关安全威胁有:网络钓鱼、域名不良应用、恶意软件以及利用DNS进行攻击等。防护性DNS(protective DNS,PDNS)服务是一种利用DNS协议和架构的网络安全防护技术,通过对DNS查询进行威胁检测与处置,能够从源头上阻止用户对网络钓鱼网站、不良网站、恶意软件的访问。目前学界对PDNS服务还缺少系统的介绍与研究。对PDNS已有研究工作、应用现状及架构与功能进行系统梳理,对PDNS所涉及的关键技术进行系统综述,主要包括域名威胁处置技术、DNS异常检测技术、威胁情报管理技术和数据存储管理技术,分析PDNS目前面临的问题与挑战,并对PDNS未来发展趋势与研究方向提出了展望。The domain name system(DNS)is a naming service for Internet resources that provides the function of converting from domain names to IP addresses.It serves as the entry point for users to access Internet applications and is also the key point for client-side security threat perception and mitigation.Common DNS abuses and related security threats on the client side include phishing,malware,and other attacks based on DNS.The protective DNS(PDNS)service leverages the existing DNS protocol and architecture to detect and mitigate threats by analyzing DNS queries,thereby protecting users against potential security threads at the source.Currently,a systematic introduction and research on PDNS service in academia and industry is lacking.The existing work,application status,and architecture and functions of PDNS were systematically sorted out.The key technologies associated with PDNS,including DNS-related threat mitigation,DNS anomaly detection,threat intelligence management,and data storage and management technology,were reviewed.The issues and challenges faced by PDNS were analyzed,and future development trends and research directions for PDNS were proposed.

关 键 词：域名系统 防护性DNS服务 域名威胁处置 DNS异常检测 威胁情报管理 数据存储管理 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]