CN-118944970-B - Network security analysis method and system based on domain name monitoring mechanism
Abstract
The invention discloses a network security analysis method and system based on a domain name monitoring mechanism, and relates to the technical field of network security. By providing an emergency processing system, the method and system can raise a timely warning when the domain name is hijacked or faked and promptly lock the stored data values and the control authority, which effectively prevents data from being lost or stolen. At the same time, the DNS changing unit can automatically log in to the control panel and change the DNS record so that it points to the correct IP address of the server, further improving network security. By providing a routing inspection system, the DNS expanding unit adds an additional security layer to DNS queries, ensuring that the returned information has not been tampered with, and DNS queries and responses are regularly monitored so that abnormal behavior can be found in time.
Inventors
- PENG ZHENFEI
- XU JING
- WANG JIABIN
- LIN HANYU
- ZHU LINGXIN
- HU JINLONG
Assignees
- 江西金德铅业股份有限公司
- 南昌星御隆科技有限公司
Dates
- Publication Date: 20260505
- Application Date: 20240909
Claims (4)
- 1. The network security analysis system based on the domain name monitoring mechanism is characterized by comprising an information monitoring system (11), an information processing system (22), an emergency processing system (33) and a patrol system (44); The output end of the information monitoring system (11) is connected with the input end of the information processing system (22), the output end of the information processing system (22) is connected with the input end of the emergency processing system (33), and the output end of the emergency processing system (33) is connected with the input end of the inspection system (44); the emergency processing system (33) comprises an alarm unit (331), a data recording unit (332), a locking unit (333), a control recovery unit (334), a DNS (domain name system) changing unit (335) and a security auditing unit (336); the output end of the warning unit (331) is connected with the input end of the data recording unit (332), the output end of the data recording unit (332) is connected with the input end of the locking unit (333), the output end of the locking unit (333) is connected with the input end of the control recovery unit (334), the output end of the control recovery unit (334) is connected with the input end of the DNS changing unit (335), and the output end of the DNS changing unit (335) is connected with the input end of the security inspection unit (336); The locking unit (333) comprises a server detection unit (3330), a data locking unit (3331) and a permission locking unit (3332); The output end of the server detection unit (3330) is connected with the input end of the data locking unit (3331), and the output end of the data locking unit (3331) is connected with the input end of the authority locking unit (3332); The emergency processing system (33) can warn in time when a domain name hijacking event occurs, lock the stored data value and the control authority to avoid data loss or theft, and can automatically log in the control panel through the DNS changing unit (335) to change the DNS record and point to the correct IP address of the server; the information monitoring system (11) comprises a detection unit (111), an information extraction unit (112), an information judgment unit (113) and a preprocessing unit (114); The output end of the detection unit (111) is connected with the input end of the information extraction unit (112), the output end of the information extraction unit (112) is connected with the input end of the information judgment unit (113), and the output end of the information judgment unit (113) is connected with the input end of the preprocessing unit (114); The information processing system (22) comprises an analysis unit (221), a judging unit (222), a data processing unit (223), a blocking unit (224) and a data storage unit (225); The output end of the analysis unit (221) is connected with the input end of the judging unit (222), the output end of the judging unit (222) is connected with the input end of the data processing unit (223), the output end of the data processing unit (223) is connected with the input end of the blocking unit (224), and the output end of the blocking unit (224) is connected with the input end of the data storage unit (225).
- 2. The network security analysis system based on domain name monitoring mechanism as claimed in claim 1, wherein the inspection system (44) comprises a DNS extension unit (441), a DNS monitoring unit (442) and an updating unit (443).
- 3. The network security analysis system based on domain name monitoring mechanism according to claim 2, wherein the output end of the DNS extension unit (441) is connected to the input end of the DNS monitoring unit (442), and the output end of the DNS monitoring unit (442) is connected to the input end of the update unit (443).
- 4. A network security analysis method based on the network security analysis system of any one of claims 1-3, characterized by comprising the following steps: S1, continuously monitoring a domain name based on an information monitoring system (11), judging whether the extracted information has the phenomenon of abnormal redirection or content change, and timely finding any possible safety problem or illegal use condition; S2, resolving the acquired domain name information through an information processing system (22), recovering normal resolution of the domain name in time and preventing illegal use when the domain name is hijacked or faked, and storing operation data to prevent loss; S3, based on an emergency processing system (33), the system can warn in time when a domain name hijacking event occurs, lock the stored data value and control authority, avoid data loss or theft, and simultaneously can automatically log in a control panel through a DNS changing unit (335) to change DNS records to point to a correct server IP address; S4, based on the inspection system (44), the DNS expansion unit (441) provides an additional security layer for DNS inquiry, ensures that returned information is not tampered, and periodically monitors DNS inquiry and response so as to discover abnormal behaviors in time.
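An added illustration of steps S1, S3 and S4, not taken from the patent: a baseline comparison over periodic DNS poll results that yields findings, the corrective record change, and a response plan in the order of the claimed emergency-processing units. The baseline, the sample polls, all function names, and the reading of the DNS expansion unit's tamper check as a DNSSEC-validated flag are assumptions.

```python
from dataclasses import dataclass
# Constructed baseline (assumption): records the domain owner expects to see.
BASELINE = {"example.com": {"A": {"192.0.2.10"}, "dnssec": True}}

@dataclass(frozen=True)
class Observation:
    """One periodic DNS poll; `ad` is the resolver's DNSSEC 'authenticated data' flag."""
    domain: str
    rtype: str
    values: frozenset
    ad: bool

def analyze(obs, baseline=BASELINE):
    """Return findings for one poll result; an empty list means normal."""
    expected = baseline[obs.domain]
    want = expected.get(obs.rtype, set())
    findings = []
    unexpected = obs.values - want
    if unexpected:
        findings.append(f"unexpected-{obs.rtype}:{','.join(sorted(unexpected))}")
    if expected["dnssec"] and not obs.ad:
        findings.append("dnssec-not-validated")
    return findings

def correction(obs, baseline=BASELINE):
    """Change set restoring the baseline: (records to delete, records to add)."""
    want = baseline[obs.domain].get(obs.rtype, set())
    return sorted(obs.values - want), sorted(want - obs.values)

def respond(obs, baseline=BASELINE):
    """Ordered plan following the claimed unit chain, or None when nothing is wrong."""
    findings = analyze(obs, baseline)
    if not findings:
        return None
    delete, add = correction(obs, baseline)
    return [
        ("alarm", findings),
        ("record", {"domain": obs.domain, "rtype": obs.rtype, "seen": sorted(obs.values)}),
        ("lock", ["server-check", "data", "permissions"]),
        ("recover-control", obs.domain),
        ("dns-change", {"delete": delete, "add": add}),
        ("audit", "re-poll and compare with baseline"),
    ]

# Constructed poll results: one normal, one pointing at an unexpected address.
POLLS = [
    Observation("example.com", "A", frozenset({"192.0.2.10"}), True),
    Observation("example.com", "A", frozenset({"203.0.113.66"}), False),
]
```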
Description
Network security analysis method and system based on domain name monitoring mechanism
Technical Field
The invention relates to the technical field of network security, in particular to a network security analysis method and system based on a domain name monitoring mechanism.
Background
Network security situation awareness is a technology that relies on the fusion of multi-element data, the mining of massive data, data analysis based on artificial intelligence, and the visualization of data. Reference is made to the 'domain name based network security detection method' with bulletin number 'CN 114844722B', according to which the traditional domain name based network security detection method has no function for regularly analyzing information such as network state, attack type and attack occurrence time to obtain an attack rule, so that it cannot predict network attacks and therefore cannot protect against them in advance. However, the equipment in that monitoring mode still has the problem of poor data protection, so that data is easily lost or leaked when the domain name is attacked. The network security analysis method and system based on a domain name monitoring mechanism are provided to solve this problem.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a network security analysis method and a system based on a domain name monitoring mechanism, which solve the problems in the background art.
The network security analysis system based on domain name monitoring mechanism includes information monitoring system, information processing system, emergency processing system and inspection system;
The output end of the information monitoring system is connected with the input end of the information processing system, the output end of the information processing system is connected with the input end of the emergency processing system, and the output end of the emergency processing system is connected with the input end of the inspection system;
The emergency processing system comprises a warning unit, a data recording unit, a locking unit, a control recovery unit, a DNS changing unit and a security inspection unit;
The output end of the warning unit is connected with the input end of the data recording unit, the output end of the data recording unit is connected with the input end of the locking unit, the output end of the locking unit is connected with the input end of the control recovery unit, the output end of the control recovery unit is connected with the input end of the DNS change unit, and the output end of the DNS change unit is connected with the input end of the security inspection unit.
Preferably, the locking unit comprises a server detection unit, a data locking unit and a permission locking unit.
Preferably, the output end of the server detection unit is connected with the input end of the data locking unit, and the output end of the data locking unit is connected with the input end of the authority locking unit.
Preferably, the information monitoring system comprises a detection unit, an information extraction unit, an information judgment unit and a preprocessing unit.
Preferably, the output end of the detection unit is connected with the input end of the information extraction unit, the output end of the information extraction unit is connected with the input end of the information judgment unit, and the output end of the information judgment unit is connected with the input end of the preprocessing unit.
Preferably, the information processing system includes an analysis unit, a determination unit, a data processing unit, a blocking unit, and a data storage unit.
Preferably, the output end of the analysis unit is connected with the input end of the judging unit, the output end of the judging unit is connected with the input end of the data processing unit, the output end of the data processing unit is connected with the input end of the blocking unit, and the output end of the blocking unit is connected with the input end of the data storage unit.
Preferably, the inspection system comprises a DNS expansion unit, a DNS monitoring unit and an updating unit.
Preferably, the output end of the DNS extension unit is connected with the input end of the DNS monitoring unit, and the output end of the DNS monitoring unit is connected with the input end of the updating unit.
The invention also discloses a network security analysis method based on the network security analysis system, which specifically comprises the following steps:
S1, continuously monitoring a domain name based on an information monitoring system, judging whether the extracted information has the phenomenon of abnormal redirection or content change, and timely finding any possible safety problem or illegal use condition;
S2, resolving the acquired domain name information thro