Implementation of a DNS Traffic Collection System and Traffic Analysis
Published: 2018-05-15 06:00
Topic: Internet + DNS; Reference: Beijing University of Posts and Telecommunications, 2017 master's thesis
[Abstract]: As networks permeate every aspect of people's lives, the data generated on them has grown explosively, and we have quietly entered the era of big data. This era brings both opportunities and challenges: how to mine valuable information from massive data to guide the development of enterprises, and even countries, is a subject that needs in-depth study. Today's networks carry many kinds of data traffic, including call information from traditional communications, network video, audio and so on, and each category deserves in-depth study. This work selects DNS traffic, which is fundamental to the network. The DNS protocol is used in almost all network applications, so studying and analyzing DNS traffic is of great significance. The thesis first discusses the background and significance of DNS traffic collection and analysis, then introduces in detail the domain name space, resolution process and message format of the DNS protocol, laying the foundation for the design and implementation of the traffic collection system. It also introduces the distributed processing platform Spark, explaining its design principles and workflow in detail, which provides a reliable platform for the subsequent traffic analysis and processing. The thesis covers three main aspects. First, a DNS collection system is designed and implemented: after describing the deployment environment and infrastructure of the collection system, the thesis details how the DNS sub-module implements message processing and matching logic. Next, normal DNS traffic is analyzed, with traffic drawn mainly from a campus network and a backbone network. On the campus network, the distribution of traffic is analyzed along two dimensions, users and servers. On the backbone network, the service quality of popular servers is evaluated in terms of success rate and service latency. The analysis of abnormal DNS traffic centers on designing a malicious domain name discovery system: using a classification approach, a classification model is built covering sample collection, feature extraction and classifier selection, and the performance of the model is evaluated. The work uses DNS traffic from real networks and studies it from several angles through analysis and mining; the study of abnormal traffic in particular is of great significance to network security.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.06
Article ID: 1891258
Article link: http://sikaile.net/guanlilunwen/ydhl/1891258.html