基于域名系统知识图谱的CDN域名识别技术

doi:10.3778/j.issn.1002-8331.2010-0338

摘要/Abstract

摘要： 内容分发网络（content delivery network，CDN）是互联网上的重要基础设施，目前识别CDN域名的方法主要利用域名字符特征、HTTP关键字和DNS记录等，识别范围有限。针对大规模识别CDN域名的问题，提出了基于域名系统知识图谱的CDN域名识别技术。根据域名系统的特征进行本体建模、数据获取、知识图谱构建，通过分析域名系统相关数据获取CDN服务特征。将CDN域名作为知识图谱域名节点的属性，定义推理规则，通过知识图谱内包含的实体、关系和属性进行关联分析，识别CDN域名。基于该方法对Alexa排名前100万域名及其部分子域名进行建模识别，构建了超百万节点和关系的域名系统知识图谱。实验结果表明，该方法在不通过手工识别构建样本集的情况下可以达到88%的分类精度和86%的F1指数。

关键词: 域名系统, 知识图谱, 本体构建, CDN识别, 知识推理

Abstract: Content delivery network（CDN） has become a significant infrastructure on the Internet. The information such as domain name character, HTTP keyword and DNS records are used in the current CDN recognition methods with limited identification range. Focused on the problem of large-scale recognition of the CDN domain, a CDN domain recognition technology based on constructing the knowledge graph of the domain name system is proposed. The ontology modeling, data acquisition, and construction of knowledge graph based on the characteristics of the domain name system and CDN service characteristics are obtained by analyzing the relevant data of the domain name system. Considering CDN as an attribute of the domain name node, attribute inference rules are defined. CDN domain identifies with the association analysis through the entities, relationships, and attributes contained in the knowledge graph. Based on the top 1 million domain names of Alexa to construct the DNS knowledge graph and the experimental results show that the method can achieve 88% precision and 86% F1 score without constructing data sets through manual identification.

Key words: domain name system, knowledge graph, ontology construction, CDN recognition, knowledge inference

闫志豪, 刘京菊, 郭徽, 郭兵阳. 基于域名系统知识图谱的CDN域名识别技术[J]. 计算机工程与应用, 2022, 58(6): 149-156.

YAN Zhihao, LIU Jingju, GUO Hui, GUO Bingyang. CDN Domain Recognition Method Based on DNS Knowledge Graph[J]. Computer Engineering and Applications, 2022, 58(6): 149-156.

参考文献

[1] NGUYEN H V，IACONO L L，FEDERRATH H.Your Cache has fallen：cache-poisoned denial-of-service attack[C]//Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security，2019：1915-1936.
[2] LI W，SHEN K，GUO R，et al.CDN backfired：amplification attacks based on HTTP range requests[C]//2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks（DSN），2020：14-25.
[3] HUANG C，WANG A，LI J，et al.Measuring and evaluating large-scale CDNs[C]//Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement，2008：15-29.
[4] ADHIKARI V K，GUO Y，HAO F，et al.Measurement study of Netflix，Hulu，and a tale of three CDNs[J].IEEE/ACM Transactions on Networking，2014，23（6）：1984-1997.
[5] GUO R，CHEN J，LIU B，et al.Abusing CDNs for fun and profit：security issues in CDNs’ origin validation[C]//2018 IEEE 37th Symposium on Reliable Distributed Systems（SRDS），2018：1-10.
[6] B?TTGER T，CUADRADO F，TYSON G，et al.Open connect everywhere：a glimpse at the internet ecosystem through the lens of the netflix cdn[J].ACM SIGCOMM Computer Communication Review，2018，48（1）：28-34.
[7] CHEN X，LI G，ZHANG Y，et al.A deep learning based fast-flux and CDN domain names recognition method[C]//Proceedings of the 2019 2nd International Conference on Information Science and Systems，2019：54-59.
[8] LI H，HE L，ZHANG H，et al.CDN-hosted domain detection with supervised machine learning through DNS records[C]//Proceedings of the 3rd International Conference on Information Science and System，2020：144-149.
[9] 李乔，何慧，张宏莉.内容分发网络研究[J].电子学报，2013，41（8）：1560-1568.
LI Q，HE H，ZHANG H L.Research on content delivery networks[J].Acta Electronica Sinica，2013，41（8）：1560-1568.
[10] MOCKAPETRIS P V.RFC 1035-Domain names-implementation and specification[R].Internet Engineering Task Force，2019-03-16.
[11] AMIT S.Introducing the knowledge graph[R].America：Official Blog of Google，2012.
[12] 杜治娟，杜治蓉，王璐.基于相邻和语义亲和力的开放知识图谱表示学习[J].计算机研究与发展，2019，56（12）：2549-2561.
DU Z J，DU Z R，WANG L.Open knowledge graph representation learning based on neighbors and semantic affinity[J].Journal of Computer Research and Development，2019，56（12）：2549-2561.
[13] 王昊奋，丁军，胡芳槐，等.大规模企业级知识图谱实践综述[J].计算机工程，2020，46（7）：1-13.
WANG H F，DING J，HU F H，et al.Survey on large scale enterprise-level KG system practices[J].Computer Engineering，2020，46（7）：1-13.
[14] 刘峤，李杨，段宏，等.知识图谱构建技术综述[J].计算机研究与发展，2016，53（3）：582-600.
LIU Q，LI Y，DUAN H，et al.Knowledge graph construction techniques[J].Journal of Computer Research and Development，2016，53（3）：582-600.
[15] 徐增林，盛泳潘，贺丽荣，等.知识图谱技术综述[J].电子科技大学学报，2016，45（4）：589-606.
XU Z L，SHENG Y P，HE L R.Review on knowledge graph techniques[J].Journal of University of Electronic Science and Technology of China，2016，45（4）：589-606.
[16] 贾焰，亓玉璐，尚怀军，等.一种构建网络安全知识图谱的实用方法[J].工程（英文），2018，4（1）：53-60.
JIA Y，QI Y L，SHANG H J，et al.A practical approach to constructing a knowledge graph for cybersecurity[J].Engineering，2018，4（1）：53-60.
[17] NAJAFI P，MüHLE A，PüNTER W，et al.MalRank：a measure of maliciousness in SIEM-based knowledge graphs[C]//Proceedings of the 35th Annual Computer Security Applications Conference，2019：417-429.
[18] NOY N F，MCGUINNESS D L.Ontology development 101：a guide to creating your first ontology，Technical Report KSL-01-05[R].Stanford Knowledge Systems Laboratory，2001.
[19] SYED Z，PADIA A，FININ T，et al.UCO：a unified cybersecurity ontology[C]//Proceedings of the AAAI Workshop on Artificial Intelligence for Cyber Security，2015：14-21.