A DNS Architecture Based on Mimic Security Defense

WANG Zhen-peng; HU Hong-chao; CHENG Guo-zhen

doi:10.3969/j.issn.0372-2112.2017.11.018

您当前的位置：

首页 >

文章列表页 >

A DNS Architecture Based on Mimic Security Defense

更新时间：2025-07-16

- A DNS Architecture Based on Mimic Security Defense
- Acta Electronica Sinica Vol. 45, Issue 11, Pages: 2705-2714(2017)
- 作者机构：
  
  国家数字交换系统工程技术研究中心(NDSC),河南,郑州,450003
- 作者简介：
- 基金信息：
- DOI：10.3969/j.issn.0372-2112.2017.11.018
  CLC： TP393
- Published Online：25 November 2017，
  
  Published：2017
- 稿件说明：
移动端阅览
WANG Zhen-peng, HU Hong-chao, CHENG Guo-zhen. A DNS Architecture Based on Mimic Security Defense[J]. Acta Electronica Sinica, 2017, 45(11): 2705-2714.
DOI：

WANG Zhen-peng, HU Hong-chao, CHENG Guo-zhen. A DNS Architecture Based on Mimic Security Defense[J]. Acta Electronica Sinica, 2017, 45(11): 2705-2714. DOI： 10.3969/j.issn.0372-2112.2017.11.018.

摘要

目前针对DNS服务器的恶意攻击频发，如DNS缓存投毒攻击，而DNS安全拓展协议（DNSSEC）在大规模部署时仍面临许多难题.本文提出一种简单易部署的，具有入侵容忍能力的主动防御架构拟态DNS（Mimic DNS，M-DNS）保证DNS安全.该架构由选调器和包含多个异构DNS服务器的服务器池组成.首先选调器动态选取若干服务器并行处理请求，然后对各服务器的处理结果采用投票机制决定最终的有效响应.实验仿真表明，相比当前传统架构，M-DNS可以降低缓存投毒攻击成功率约10个数量级.

Abstract

A simple and practical approach is required immediately to safeguard the Domain Name System (DNS) because there are increasing attacks on DNS (such as DNS cache poisoning) and various problems when deploying Domain Name System Security Extensions (DNSSEC) on a large scale.In this paper

we present Mimic DNS (M-DNS)

a non-intrusive

tolerant and proactive security architecture

to deal with it.M-DNS is comprised of a scheduler and a server pool which consists of several heterogeneous DNS servers.The scheduler dynamically schedules the DNS servers to handle the requests in parallel and adopts the vote results from the majority of the servers to determine valid responses.Simulation results demonstrate that compared with current traditional frameworks

approximating 10 orders of magnitude reduction in cache poisoning attack probability is acquired when employing M-DNS.

关键词

Keywords

references

Views

505

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

A Security Analysis Approach for Dynamic Heterogeneous Redundancy Model Based on Probability Analysis

Design and Implementation of Microcontroller Based on Dynamic Heterogeneous Redundancy Architecture

A Mimic Defense Automaton Model of Dynamic Heterogeneous Redundancy Structures

Related Author

ZHENG Qiu-hua

HU Cheng-nan

CUI Ting-ting

SHEN Yan-zhao

ZENG Ying-pei

WU Ting

OUYANG Ling

SONG Ke

Related Institution

School of Cyberspace Security, Hangzhou Dianzi University

Hangzhou Innovation Institute, Beihang University

Institute of Information Technology， Information Engineering University

School of Electronic Information， Zhongyuan University of Technology

School of Information Engineering, Zhengzhou University

⁰