Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084
SUN Junzhe (1995-2002 placeholder removed)
Received: 2024-08-21
Print publication date: 2024-11-30
SUN Junzhe, LU Chaoyi, LIU Baojun, et al. Measurement study on abnormal changes in authoritative resource records of government and educational domains[J]. Journal on Communications, 2024, 45(Z2): 16-26. DOI: 10.11959/j.issn.1000-436x.2024252.
Authoritative-side domain hijacking is accompanied by abnormal changes in resource records. To enable timely warning of authoritative-side domain hijacking incidents, a monitoring system for authoritative-side resource records was built, targeting important domains in key sectors such as government and education in various countries, as well as high-traffic popular domains. The system actively crawls and continuously monitors 7.5 million important domains worldwide. An algorithm for filtering abnormal resource record changes was proposed and applied to the monitoring data, identifying abnormal resource record changes in 896 important domains within a one-month analysis period. Manual verification shows that the causes of these abnormal changes include misconfiguration by domain administrators, phishing attacks, and the display of illegal content.