【摘要】 DNS服务器在Internet中具有至关重要的作用,对它进行攻击会影响网络向用户提供正常的服务。DNS Query Flood攻击是最为常见的一种攻击方式,它向DNS服务器发送大量伪造的域名解析请求,消耗DNS服务器的资源,造成拒绝服务。及时检测到此类攻击的存在至关重要。在研究DNS解析过程的基础上,总结DNS Query Flood攻击的特点;根据攻击的特点,结合信息熵来判断网络是否出现异常;利用滑动窗口机制来确定是否存在攻击。更多还原

【Abstract】 DNS server has a vital role in the Internet,and it will affect the network to provide normal services to users if DNS is attacked.DNS Query Flood attack sends a lot of fake DNS request to the DNS server,consumes the DNS server resources and causes denial of service.So it is very important to detect timely the attack.Based on the study of the DNS resolution process,we summed up the characteristics of the DNS Query Flood attack.According to the characteristics of attack,we combined the information entropy to determine whether a network abnormalities,and then used sliding window mechanism to determine whether there is any attack.更多还原