
CN112600859B - Anomaly detection processing method for mimicry DNS (Domain name System) defense system - Google Patents


Info

Publication number
CN112600859B
Authority
CN
China
Prior art keywords
isomer
probe
domain name
probe domain
resolution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110022406.XA
Other languages
Chinese (zh)
Other versions
CN112600859A (en)
Inventor
孙萍
张若鸿
贺磊
张伟丽
宋强
王大深
李子田
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Runstone Technology Inc
Original Assignee
Beijing Runstone Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Runstone Technology Inc
Priority to CN202110022406.XA
Publication of CN112600859A
Application granted
Publication of CN112600859B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an anomaly detection and processing method for a mimicry DNS defense system, comprising the following steps: step 1) once the system starts receiving DNS requests from clients, recording the DNS requests distributed to each isomer and the resolution result returned by each isomer; step 2) sorting all recorded domain name resolution requests by request count; step 3) taking the first N domain names as probe domain names, obtaining the authorization server address of each probe domain name, and querying the authorization server for, and recording, the correct resolution result of each probe domain name; step 4) traversing all probe domain names, collecting the resolution results that the selective calling module recorded for each isomer's requests for each probe domain name, and calculating each isomer's resolution success rate and weight coefficient for that probe domain name; step 5) after the traversal is complete, obtaining the isomer's resolution success rate set and weight coefficient set over all probe domain names; and step 6) calculating the isomer's operational index parameter for the current polling period from its resolution success rate set and weight coefficient set.

Description

Anomaly detection processing method for mimicry DNS (Domain name System) defense system
Technical Field
The invention belongs to the technical field of network technology and mimicry DNS defense systems, and particularly relates to a mechanism for detecting and processing an isomer module abnormality.
Background
With the explosive growth of the internet industry, domain name databases have grown explosively as well, and there are now hundreds of millions of domain names on the internet; ensuring that internet users can quickly and correctly obtain domain name resource record values is a difficult problem. The mimicry DNS defense system greatly improves the effective request rate through its self-optimizing algorithm. Faced with increasingly frequent domain name requests and increasingly complex network environments, the mimicry DNS defense system needs a fast and flexible mechanism to deal with these problems; such a mechanism is essential to improving the system's performance and stability.
In the prior art, a mimicry DNS defense system brings isomers online through a network management module: the network management module manually selects n isomers from the isomer pool and places them into the active isomer pool, which completes the online operation. Each subsequent DNS request received by the system is distributed by the selecting and dispatching module to all isomers in the active isomer pool, that is, the isomers that are online, and the optimal resolution result is finally returned to the client.
The prior art has, among others, the following disadvantage:
The resolution results returned by the isomers are strongly influenced by the network environment. In particular, when a network fault occurs, some isomers may be unable to resolve normally for a long time, for example because the network is unreachable or because their domain name resolution results are incorrect. These uncontrollable factors greatly increase the processing pressure on the system, and the performance loss caused by longer domain name resolution times has a considerable impact on client experience.
Disclosure of Invention
The invention aims to provide a novel anomaly detection and processing method.
The technical scheme adopted by the invention to solve the technical problem is as follows:
An anomaly detection and processing method for a mimicry DNS defense system, characterized by comprising the following steps:
step 1) once the system starts receiving DNS requests from clients, recording the DNS requests distributed to each isomer and the resolution result returned by each isomer;
step 2) sorting all recorded domain name resolution requests by request count;
step 3) taking the first N domain names as probe domain names, obtaining the authorization server address of each probe domain name, querying the authorization server for the correct resolution results of the probe domain names and recording them as $A(r_1, r_2, r_3, \ldots, r_n)$, where A denotes the set of correct resolution results of all probe domain names and element $r_n$ denotes the nth probe domain name together with its correct resolution result;
step 4) traversing the correct resolution result set $A(r_1, r_2, r_3, \ldots, r_n)$ of all probe domain names, collecting the resolution results $B(r_1, r_2, r_3, \ldots, r_n)$ that the tuning module recorded for each isomer's requests for probe domain name $r_n$, and calculating each isomer's resolution success rate K and weight coefficient P for probe domain name $r_n$;
step 5) after the traversal of the correct resolution result set $A(r_1, r_2, r_3, \ldots, r_n)$ of all probe domain names is complete, obtaining the isomer's resolution success rate set $T(k_1, k_2, k_3, \ldots, k_n)$ and weight coefficient set $Y(p_1, p_2, p_3, \ldots, p_n)$ over all probe domain names;
step 6) calculating the operational index parameter Z of the isomer in the current polling period from the isomer's resolution success rate set $T(k_1, k_2, k_3, \ldots, k_n)$ and weight coefficient set $Y(p_1, p_2, p_3, \ldots, p_n)$;
step 7) when the operational index parameter Z is lower than a preset threshold, taking the isomer offline or restarting it.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The present invention will be described in detail below with reference to the accompanying drawing so that the above advantages of the present invention can be more clearly understood, in which:
Fig. 1 is a flow diagram illustrating an anomaly detection processing method of a mimicry DNS defense system according to the present invention.
Detailed Description
The following detailed description of the embodiments of the present invention will be provided with reference to the drawings and examples, so that how to apply the technical means to solve the technical problems and achieve the technical effects can be fully understood and implemented. It should be noted that, as long as there is no conflict, the embodiments and the features in the embodiments of the present invention may be combined with each other, and the technical solutions formed are within the scope of the present invention.
Additionally, the steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions and, although a logical order is illustrated in the flow charts, in some cases, the steps illustrated or described may be performed in an order different than here.
As shown in Fig. 1, an anomaly detection and processing method for a mimicry DNS defense system is characterized by comprising:
step 1) once the system starts receiving DNS requests from clients, recording the DNS requests distributed to each isomer and the resolution result returned by each isomer;
step 2) sorting all recorded domain name resolution requests by request count;
step 3) taking the first N domain names as probe domain names, obtaining the authorization server address of each probe domain name, querying the authorization server for the correct resolution results of the probe domain names and recording them as $A(r_1, r_2, r_3, \ldots, r_n)$, where A denotes the set of correct resolution results of all probe domain names and element $r_n$ denotes the nth probe domain name together with its correct resolution result;
step 4) traversing the correct resolution result set $A(r_1, r_2, r_3, \ldots, r_n)$ of all probe domain names, collecting the resolution results $B(r_1, r_2, r_3, \ldots, r_n)$ that the tuning module recorded for each isomer's requests for probe domain name $r_n$, and calculating each isomer's resolution success rate K and weight coefficient P for probe domain name $r_n$;
step 5) after the traversal of the correct resolution result set $A(r_1, r_2, r_3, \ldots, r_n)$ of all probe domain names is complete, obtaining the isomer's resolution success rate set $T(k_1, k_2, k_3, \ldots, k_n)$ and weight coefficient set $Y(p_1, p_2, p_3, \ldots, p_n)$ over all probe domain names;
step 6) calculating the operational index parameter Z of the isomer in the current polling period from the isomer's resolution success rate set $T(k_1, k_2, k_3, \ldots, k_n)$ and weight coefficient set $Y(p_1, p_2, p_3, \ldots, p_n)$;
step 7) when the operational index parameter Z is lower than a preset threshold, taking the isomer offline or restarting it.
Step 3) specifically comprises:
taking the first N domain names as probe domain names, obtaining the authorization server address of each probe domain name, querying the authorization server for the correct resolution results of the probe domain names and recording them as $A(r_1, r_2, r_3, \ldots, r_n)$, where A denotes the set of correct resolution results of all probe domain names and element $r_n$ denotes the nth probe domain name together with its correct resolution result.
Step 4) specifically comprises:
traversing the correct resolution result set $A(r_1, r_2, r_3, \ldots, r_n)$ of all probe domain names, collecting the resolution result set $B(r_1, r_2, r_3, \ldots, r_n)$ that the tuning module recorded for each isomer's requests for probe domain name $r_n$, and calculating each isomer's resolution success rate K and weight coefficient P for probe domain name $r_n$.
Step 5) specifically comprises:
after the traversal of the correct resolution result set $A(r_1, r_2, r_3, \ldots, r_n)$ of all probe domain names is complete, obtaining the isomer's resolution success rate set $T(k_1, k_2, k_3, \ldots, k_n)$ and weight coefficient set $Y(p_1, p_2, p_3, \ldots, p_n)$ over all probe domain names.
Step 6) specifically comprises:
calculating the operational index parameter Z of the isomer in the current polling period from the isomer's resolution success rate set $T(k_1, k_2, k_3, \ldots, k_n)$ and weight coefficient set $Y(p_1, p_2, p_3, \ldots, p_n)$, wherein
$Z = k_1 p_1 + k_2 p_2 + \ldots + k_n p_n$
$k_n$ denotes the isomer's resolution success rate for the nth probe domain name, and $p_n$ denotes the isomer's weight coefficient for the nth probe domain name.
Step 1) further comprises:
when the mimicry DNS defense system starts, initializing the operational index parameter Z of all isomers in the active isomer pool to Z = 100%; Z is the only parameter of an online isomer and reflects the comprehensive availability of the current isomer.
In step 4), traversing the correct resolution result set $A(r_1, r_2, r_3, \ldots, r_n)$ of all probe domain names, collecting the resolution results $B(r_1, r_2, r_3, \ldots, r_n)$ that the tuning module recorded for each isomer's requests for the probe domain names, and calculating each isomer's resolution success rate K and weight coefficient P for probe domain name $r_n$ comprises:
calculating the resolution success rate K:
Figure BSA0000230083580000043
x denotes the empty set, $A(r_i)$ denotes the correct resolution result of probe domain name $r_i$, B is the isomer's resolution result set for probe domain name $A(r_i)$, and C is the isomer's erroneous resolution result set for probe domain name $A(r_i)$;
Figure BSA0000230083580000041
B denotes the isomer's resolution result set for probe domain name $r_i$, and $J(C, B)$ denotes the similarity coefficient between the erroneous resolution result set and the isomer's resolution result set;
Figure BSA0000230083580000042
K denotes the Jaccard distance between the erroneous resolution result set and the isomer's resolution result set, that is, the resolution success rate;
calculating the weight coefficient P: the ratio of the number of requests $C_{sum}$ for probe domain name $r_n$ to the total number Q of DNS requests received by the isomer:
Figure BSA0000230083580000051
$C_{sum}$ denotes the number of requests for probe domain name $A(r_i)$ during the system's statistics period, and Q denotes the total number of requests during the system's statistics period.
Specifically, in one embodiment, the invention aims to discover isomer anomalies in a timely and effective manner: the system periodically sends probes through the network management module to actively detect changes in the running state of each isomer, and when an isomer is suspected of being abnormal, a predefined operation is performed on it. This process of abnormal isomer detection and handling by the mimicry DNS defense system is referred to as the RDFH mechanism.
The complete solution provided by the invention is as follows:
1.1.1 When the mimicry DNS defense system starts, the management module first initializes the operational index parameter Z of all isomers in the active isomer pool to Z = 100%; Z is the only parameter of an online isomer and represents the comprehensive availability of the current isomer.
1.1.2 When the mimicry DNS defense system starts receiving DNS requests from clients, the tuning module records the DNS requests distributed to each isomer and the resolution results returned by each isomer. Once the number of DNS requests received by the system reaches the value Q, the management module sorts all DNS requests by request count, takes the first N domain names as probe domain names, obtains the authorization server address of each probe domain name, queries the authorization server for the correct resolution results of the probe domain names and records them as $A(r_1, r_2, r_3, \ldots, r_n)$, where A denotes the set of correct resolution results of all probe domain names and element $r_n$ denotes the nth probe domain name together with its correct resolution result.
1.1.3 The management module traverses the correct resolution result set $A(r_1, r_2, r_3, \ldots, r_n)$ of all probe domain names, collects the resolution results $B(r_1, r_2, r_3, \ldots, r_n)$ that the tuning module recorded for each isomer's requests for probe domain name $r_n$, and calculates each isomer's resolution success rate K and weight coefficient P for probe domain name $r_n$, according to the following principles:
1.1.3.1 Resolution success rate K:
Figure BSA0000230083580000052
Figure BSA0000230083580000053
Figure BSA0000230083580000054
1.1.3.2 Weight coefficient P: the management module computes the ratio of the number of requests $C_{sum}$ for probe domain name $r_n$ to the total number Q of DNS requests received by the isomer:
Figure BSA0000230083580000061
After the traversal of the set $A(r_1, r_2, r_3, \ldots, r_n)$ is complete, the isomer's resolution success rate set $T(k_1, k_2, k_3, \ldots, k_n)$ and weight coefficient set $Y(p_1, p_2, p_3, \ldots, p_n)$ over all probe domain names are obtained.
1.1.4 Finally, the system calculates the operational index parameter Z of the isomer in the current polling period from the isomer's resolution success rate set $T(k_1, k_2, k_3, \ldots, k_n)$ and weight coefficient set $Y(p_1, p_2, p_3, \ldots, p_n)$, according to the following formula:
$Z = k_1 p_1 + k_2 p_2 + \ldots + k_n p_n$
1.1.5 The request count Q determines the period at which the network management module actively probes isomer state, and the number N of top domain names determines how detailed the network management module's isomer detection is. The network management module decides how to handle each isomer according to the operational index parameter Z obtained for it in each detection period; it initializes the operational index parameter Z of every isomer at the start of each detection period, and takes an isomer offline or restarts it when its operational index parameter Z is lower than a preset threshold.
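The scoring in 1.1.1 to 1.1.5, as an added example that is not code from the patent: it ranks probe domains, computes K and P per isomer and sums them into Z. The formulas for K survive on this page only as figure references, so the code assumes C is the part of B that disagrees with A(r_i), uses the standard Jaccard distance 1 - |C∩B|/|C∪B|, and scores an empty B as 0; isomer names, addresses and function names are constructed.

```python
from collections import Counter, defaultdict

# Constructed stand-in for the answers obtained from each probe domain's
# authorization server (documentation address ranges, not real records).
AUTHORITATIVE = {
    "example.com": {"192.0.2.10"},
    "example.org": {"192.0.2.20"},
    "example.net": {"192.0.2.30"},
    "rare.example": {"192.0.2.40"},
}
# Constructed client traffic for one polling period; every request is
# distributed to all three online isomers, so Q = 10 for each of them.
REQUESTS = (["example.com"] * 4 + ["example.org"] * 3
            + ["example.net"] * 2 + ["rare.example"])


def build_log():
    """Return constructed (isomer, domain, answer) records; None is a timeout."""
    log = []
    for i, domain in enumerate(REQUESTS):
        good = next(iter(AUTHORITATIVE[domain]))
        log.append(("iso-a", domain, good))  # healthy isomer
        # iso-b always returns a wrong address for example.org
        wrong_b = "198.51.100.66" if domain == "example.org" else good
        log.append(("iso-b", domain, wrong_b))
        # iso-c times out on example.net and is wrong on every other
        # example.com query
        if domain == "example.net":
            answer = None
        elif domain == "example.com" and i % 2:
            answer = "203.0.113.5"
        else:
            answer = good
        log.append(("iso-c", domain, answer))
    return log


def pick_probes(log, n):
    """Steps 2-3: the N most requested domains become the probe domains."""
    return [d for d, _ in Counter(d for _, d, _ in log).most_common(n)]


def success_rate(correct, results):
    """K = 1 - J(C, B), with B the isomer's result set and C its wrong results."""
    b = set(results)
    if not b:             # assumption: no answer at all counts as K = 0
        return 0.0
    c = b - set(correct)  # assumption: C is the part of B that disagrees with A(r_i)
    return 1.0 - len(c & b) / len(c | b)


def operational_index(log, authoritative, n):
    """Steps 4-6: Z = sum(k_i * p_i) per isomer, with p_i = C_sum / Q."""
    probes = pick_probes(log, n)
    received = Counter(iso for iso, _, _ in log)          # Q per isomer
    per_domain = Counter((iso, d) for iso, d, _ in log)   # C_sum per isomer/domain
    results = defaultdict(set)                            # B per isomer/domain
    for iso, d, answer in log:
        if answer is not None:
            results[(iso, d)].add(answer)
    return {
        iso: sum(
            success_rate(authoritative[d], results[(iso, d)])
            * per_domain[(iso, d)] / q
            for d in probes
        )
        for iso, q in received.items()
    }


def below_threshold(z_by_isomer, threshold):
    """Step 7: isomers whose Z is under the threshold go offline or restart."""
    return sorted(iso for iso, z in z_by_isomer.items() if z < threshold)


LOG = build_log()

if __name__ == "__main__":
    z = operational_index(LOG, AUTHORITATIVE, n=3)
    for iso in sorted(z):
        print(f"{iso}: Z = {z[iso]:.2f}")
    print("offline/restart:", below_threshold(z, threshold=0.55))
```

With N = 3 the probes cover 9 of the 10 requests, so even the healthy isomer scores Z = 0.9 rather than the 100% it is initialized to. The threshold has to be chosen with that ceiling in mind.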
The technical scheme of the invention has the following beneficial effects:
Through the RDFH mechanism, the mimicry DNS defense system can quickly and effectively discover and handle abnormal isomers, which reduces system load and further improves the performance and availability of the system.
It should be noted that for simplicity of description, the above method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects.
Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (3)

1. An anomaly detection and processing method for a mimicry DNS defense system, characterized by comprising the following steps:
step 1) once the system starts receiving DNS requests from clients, recording the DNS requests distributed to each isomer and the resolution result returned by each isomer;
step 2) sorting all recorded domain name resolution requests by request count;
step 3) taking the first N domain names as probe domain names, obtaining the authorization server address of each probe domain name, and querying the authorization server for, and recording, the correct resolution results of the probe domain names;
step 4) traversing all probe domain names, collecting the resolution results that the selective calling module recorded for each isomer's requests for each probe domain name, and calculating each isomer's resolution success rate and weight coefficient for that probe domain name;
step 5) after the traversal is complete, obtaining the isomer's resolution success rate set and weight coefficient set over all probe domain names;
step 6) calculating the operational index parameter of the isomer in the current polling period from the isomer's resolution success rate set and weight coefficient set;
step 7) when the operational index parameter Z is lower than a preset threshold, taking the isomer offline or restarting it;
wherein step 3) specifically comprises:
taking the first N domain names as probe domain names, obtaining the authorization server address of each probe domain name, querying the authorization server for the correct resolution results of the probe domain names and recording them as $A(r_1, r_2, r_3, \ldots, r_n)$, where A denotes the set of correct resolution results of all probe domain names and element $r_n$ denotes the nth probe domain name together with its correct resolution result;
step 4) specifically comprises:
traversing the correct resolution result set $A(r_1, r_2, r_3, \ldots, r_n)$ of all probe domain names, collecting the resolution result set $B(r_1, r_2, r_3, \ldots, r_n)$ that the tuning module recorded for each isomer's requests for probe domain name $r_n$, and calculating each isomer's resolution success rate K and weight coefficient P for probe domain name $r_n$;
step 5) specifically comprises:
after the traversal of the correct resolution result set $A(r_1, r_2, r_3, \ldots, r_n)$ of all probe domain names is complete, obtaining the isomer's resolution success rate set $T(k_1, k_2, k_3, \ldots, k_n)$ and weight coefficient set $Y(p_1, p_2, p_3, \ldots, p_n)$ over all probe domain names, where $k_n$ denotes the isomer's resolution success rate for the nth probe domain name and $p_n$ denotes the isomer's weight coefficient for the nth probe domain name;
step 6) specifically comprises:
calculating the operational index parameter Z of the isomer in the current polling period from the isomer's resolution success rate set $T(k_1, k_2, k_3, \ldots, k_n)$ and weight coefficient set $Y(p_1, p_2, p_3, \ldots, p_n)$, wherein
$Z = k_1 p_1 + k_2 p_2 + \ldots + k_n p_n$
$k_n$ denotes the isomer's resolution success rate for the nth probe domain name, and $p_n$ denotes the isomer's weight coefficient for the nth probe domain name.
2. The anomaly detection processing method for the mimicry DNS defense system according to claim 1, wherein step 1) further comprises:
when the mimicry DNS defense system starts, initializing the operational index parameter Z of all isomers in the active isomer pool to Z = 100%; Z is the only parameter of an online isomer and reflects the comprehensive availability of the current isomer.
3. The anomaly detection processing method for the mimicry DNS defense system according to claim 1, wherein in step 4), traversing the correct resolution result set $A(r_1, r_2, r_3, \ldots, r_n)$ of all probe domain names, collecting the resolution results $B(r_1, r_2, r_3, \ldots, r_n)$ that the tuning module recorded for each isomer's requests for the probe domain names, and calculating each isomer's resolution success rate K and weight coefficient P for probe domain name $r_n$ comprises:
calculating the resolution success rate K:
Figure FSB0000201283770000021
x denotes the empty set, $A(r_i)$ denotes the correct resolution result of probe domain name $r_i$, B is the isomer's resolution result set for probe domain name $A(r_i)$, and C is the isomer's erroneous resolution result set for probe domain name $A(r_i)$;
Figure FSB0000201283770000022
$J(C, B)$ denotes the similarity coefficient between the erroneous resolution result set and the isomer's resolution result set;
Figure FSB0000201283770000023
K denotes the Jaccard distance between the erroneous resolution result set and the isomer's resolution result set, that is, the resolution success rate;
calculating the weight coefficient P: the ratio of the number of requests $C_{sum}$ for probe domain name $r_n$ to the total number Q of DNS requests received by the isomer:
Figure FSB0000201283770000024
$C_{sum}$ denotes the number of requests for probe domain name $A(r_i)$ during the system's statistics period, and Q denotes the total number of requests during the system's statistics period.
CN202110022406.XA 2021-01-08 2021-01-08 Anomaly detection processing method for mimicry DNS (Domain name System) defense system Active CN112600859B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110022406.XA CN112600859B (en) 2021-01-08 2021-01-08 Anomaly detection processing method for mimicry DNS (Domain name System) defense system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110022406.XA CN112600859B (en) 2021-01-08 2021-01-08 Anomaly detection processing method for mimicry DNS (Domain name System) defense system

Publications (2)

Publication Number Publication Date
CN112600859A CN112600859A (en) 2021-04-02
CN112600859B true CN112600859B (en) 2023-03-31

Family

ID=75207105

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110022406.XA Active CN112600859B (en) 2021-01-08 2021-01-08 Anomaly detection processing method for mimicry DNS (Domain name System) defense system

Country Status (1)

Country Link
CN (1) CN112600859B (en)


Also Published As

Publication number Publication date
CN112600859A (en) 2021-04-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant