基于DNS的大學防垃圾郵件程序檢測[外文翻譯]

包含中文翻譯和英文原文，內容詳細完整，建議下載參考！

中文： 5200 字
英文： 14900字符


摘要：從2007年4月1日到2008年4月30日，我們在DNS查詢流量問題上進行了一個熵的研究，研究是通過一個大學校園網(wǎng)絡外面到頂端的域名解析服務器，在其pc房終端上查詢反向解析。下面是有意思的發(fā)現(xiàn)：（1）在2008年1月17日，DNS查詢流量主要是被幾個特殊的IP地址以他們的查詢關鍵字支配（2）我們在PC房的在幾個特殊關鍵字上，IP地址被發(fā)現(xiàn)的終端上進行了辯證式的分析，進而推斷出一個結論，在插入基于關鍵磁盤存儲的USB時，PCs變成垃圾郵件僵尸機。

1.引言
最近，我們報道說，在校園網(wǎng)內，當獨特的源IP地址的垃圾郵件程序增加時基于DNS查詢的DNS查詢數(shù)據(jù)包流量熵在校園網(wǎng)外的關鍵字大大減少。
在這份論文中，我們在PTR記錄資源上進行了熵分析，它是基于校園網(wǎng)絡外部的DNS查詢包流量 ......



Abstract

We carried out an entropy study on the DNS query traffic from the outside of a university campus network to the top domain DNS server when querying about reverse resolution on the PC room terminals through April 1st, 2007 to April 30th, 2008. The following interesting results are given: (1) In January 17th, 2008, the DNS query traffic is mainly dominated by several specific IP addresses as their query keywords. (2) We carried out forensic analysis on the PC room terminals in which IP addresses are found in the several specific keywords and it is concluded that the PCs become spam bots when inserting USB based key disk storage.

1. Introduction

Recently, we reported that the DNS query keywords based entropy in the DNS query packet traffic from the outside of the campus network decreases considerably while the unique source IP addresses based entropy increases when the spam bots activity is high in the campus network [1].
In this paper, we carried out entropy analysis on the PTR resource record (RR)-based DNS query packets traffic from the outside of the campus network ......