The Design and Implementation of Intelligent Domain Name System

域名系统（DomainNameSystem，简称为DNS）是Internet的一项核心服务。域名系统提供了域名和其IP地址的映射关系，客户端可以使用具有实际含义且便于记忆的域名方便地接入Internet。DNS域名解析是互联网中大部分网络应用的寻址方式，几乎所有的网络服务和协议在通信中都需要使用DNS，因此，稳定、快速、准确的域名解析过程是提高网络服务速度，保证网络服务质量的重要前提。 针对上述问题，本文提出了智能DNS解析方案。本系统配合使用Anycast技术，对外提供一个统一的DNS域名解析服务的IP地址，客户端直接向此IP地址发送域名解析请求。系统采用基于OSPF的单路径路由协议。在形...Domain name system (in short, DNS) is a core service of Internet. The domain name system provides the mapping relationship between domain name and IP address. Client can use the humanized domain name to access Internet conveniently. Domain name analysis is the actual addressing mode of the majority of internet-based application. Therefore, a rapid and efficient domain name analysis is very necessa...学位：工学硕士院系专业：信息科学与技术学院_控制理论与控制工程学号：2322010115323

Fast flux botnet detection framework using adaptive dynamic evolving spiking neural network algorithm

A botnet, a set of compromised machines controlled distantly by an attacker, is the basis of numerous security threats around the world. Command and Control servers are the backbones of botnet communications, where the bots and botmasters send report and attack orders to each other. Botnets are also categorized according to their C&C protocols. A Domain Name System method known as Fast-Flux Service Network (FFSN) – a special type of botnet – has been engaged by bot herders to cover malicious botnet activities and increase the lifetime of malicious servers by quickly changing the IP addresses of the domain name over time. Although several methods have been suggested for detecting FFSNs, they have low detection accuracy especially with zero-day domain. In this research, we propose a new system called Fast Flux Killer System (FFKS) that has the ability to detect FF-Domains in online mode with an implementation constructed on Adaptive Dynamic evolving Spiking Neural Network (ADeSNN). The proposed system proved its ability to detect FF domains in online mode with high detection accuracy (98.77%) compare with other algorithms, with low false positive and negative rates respectively. It is also proved a high level of performance. Additionally, the proposed adaptation of the algorithm enhanced and helped in the parameters customization process

The Ciao clp(FD) library. A modular CLP extension for Prolog

We present a new free library for Constraint Logic Programming over Finite Domains, included with the Ciao Prolog system. The library is entirely written in Prolog, leveraging on Ciao's module system and code transformation capabilities in order to achieve a highly modular design without compromising performance. We describe the interface, implementation, and design rationale of each modular component. The library meets several design goals: a high level of modularity, allowing the individual components to be replaced by different versions; highefficiency, being competitive with other TT> implementations; a glass-box approach, so the user can specify new constraints at different levels; and a Prolog implementation, in order to ease the integration with Ciao's code analysis components. The core is built upon two small libraries which implement integer ranges and closures. On top of that, a finite domain variable datatype is defined, taking care of constraint reexecution depending on range changes. These three libraries form what we call the TT> kernel of the library. This TT> kernel is used in turn to implement several higher-level finite domain constraints, specified using indexicals. Together with a labeling module this layer forms what we name the TT> solver. A final level integrates the CLP (J7©) paradigm with our TT> solver. This is achieved using attributed variables and a compiler from the CLP (J7©) language to the set of constraints provided by the solver. It should be noted that the user of the library is encouraged to work in any of those levels as seen convenient: from writing a new range module to enriching the set of TT> constraints by writing new indexicals

A general overview of cyclic transmultiplexers with cyclic modulation: Implementation and angular parametrization.

31 pages.This preprint provides a general framework for cyclic transmultiplexers (TMUXs) with cyclic modulation. This TMUX also corresponds to a multicarrier modulation system of the Filtered MultiTone (FMT) type where the linear convolution is replaced by a cyclic one, hence the name Cyclic Block FMT (CB-FMT). In this preprint we present the Perfect Reconstruction (PR) conditions in the time and frequency domains. A duality theorem is proved showing that each PR solution in the frequency domain is connected to a dual PR solution in the time domain. Then, two decomposition theorems are established leading to modular implementations of the cyclic TMUX. For one of this implementation we provide an angular parametrization that only involves angles corresponding to independent parameters. Finally, a procedure to reconstruct the prototype function from all the elementary blocks of the modular implementation is described step-by step

Scalable Byzantine-fault-tolerant secure DNS

Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2001.Includes bibliographical references (p. 98-101).The domain name system is the standard mechanism on the Internet to advertise and access important information about hosts. At its inception, DNS was not designed to be a secure protocol. The biggest security hole in DNS is the lack of support for data integrity authentication, source authentication, and authorization. To make DNS more robust, a security extension of the domain name system (DNSSEC) was proposed by the Internet Engineering task force (IETF) in late 1997. The basic idea of the DNS security extension is to provide data integrity and origin authentication by means of cryptographic digital signatures. However, the proposed extension suffers from some security flaws. In this thesis, we discuss the security problems of DNS and its security extension. As a solution, we present the design and implementation of a Byzantine-fault-tolerant domain name system. The system consists of 3f+1 tightly coupled name servers and guarantees safety and liveness properties assuming no more than f replicas are faulty within a small window of vulnerability. To authenticate communication between a client and a server to provide per-query data authentication, we propose to use symmetric key cryptography. To address scalability concerns, we propose a hierarchical organization of name servers with a hybrid of iterative and recursive query resolution approaches. The issue of cache inconsistency is addressed by designing a hierarchical cache with an invalidation protocol using leases. Because of the use of hierarchical state partitioning and caching to achieve scalability in DNS, we develop an efficient protocol that allows replicas in a group to request operations from another group using very few messages. We show that the scalable Byzantine-fault tolerant domain name system, while providing a much higher degree of security and reliability, performs as well or even better than an implementation of the DNS security extension.by Sarah Ahmed.M.Eng

Internet Domain Names in China

This article aims at documenting the implementation of the Domain Name System in China, in coordination and in tension with the global Domain Name System since the end of the 1980s with the Chinese country-code top-level domain “.cn,” and more recently with the creation of Chinese-language domain names such as “.中国” and “.中文网.” It puts into perspective the notion of “digital sovereignty” by analysing the role of the DNS in the “localisation” of online content as part of the censorship system. It further shows that although Chinese representatives have always been very critical of the existing architecture and management of the DNS on the global stage, their attitude has evolved from de facto, bottom-up participation and protection of their interests to a more confident and assertive behaviour, as the growth of the Chinese Internet has put them in a more dominant position