高级检索

    域名滥用行为检测技术综述

    Survey on Domain Name Abuse Detection Technology

    • 摘要: 域名系统(domain name system, DNS)是网络和信息时代互联网基础结构的重要组成部分,同时也被多种严重威胁网络安全的攻击活动滥用,例如僵尸网络命令和控制、垃圾邮件分发以及网络钓鱼.从典型检测场景的角度,全面回顾现有的域名滥用检测技术.首先,介绍域名滥用行为检测的背景知识,并通过调研现有域名滥用检测方案,提出域名滥用检测场景分类体系、总结典型检测特征及方法.其次,分别阐述了恶意软件、网络钓鱼、域名抢注、垃圾邮件,以及不限定滥用行为5种典型检测场景下,域名滥用攻防技术演进的过程.并从技术方案、典型特征、检测算法等多个维度进一步全面梳理域名滥用检测工作,对现有的域名滥用检测方法进行系统概述.最后,讨论域名滥用检测技术面临的挑战和未来研究方向,以期改善域名系统的生态环境.

       

      Abstract: Domain name system is one of the most critical components of the global Internet infrastructure in the network and information age. But it is also being abused by various types of cyber attacks, such as botnet command and control, spam delivery, and phishing, which are emerging as the most serious threat against cyber-security. The existing domain name abuse detection technologies are comprehensively reviewed from the perspective of typical detection scenarios. First, the background knowledge of domain name abuse detection is introduced. By investigating the existing domain name abuse detection schemes, a taxonomy of detection scenarios is put forward. Moreover, the typical features and detection methods are also summarized. Second, the evolution process of attack and defense technologies for domain name abuse in five typical detection scenarios, including malware, phishing, cybersquatting, spam, and unrestricted abuse behavior, are respectively elaborated. Furthermore, an comprehensive summary of domain name abuse detection methods is given from multiple dimensions such as technical solutions, typical features, and detection algorithms. And a systematic overview of existing domain name abuse detection methods is conducted. Finally, the challenges faced by domain name abuse detection technology and future research directions are discussed, with a view to further improve the ecological environment of domain name system.

       

    /

    返回文章
    返回