面向域名解析系统的知识图谱构建与应用方法

为提高网络域名系统(domain name system, DNS)服务器日志分析能力，综合多种技术提出了构建面向域名解析系统的知识图谱。首先，应用域名解析、权威域名服务器、别名解析、自治系统等基本原理设计了基于aiohttp和dig技术相结合的数据采集方案，构建了相应的领域知识库；其次基于该知识库设计和构建了面向域名解析系统的知识图谱，其节点规模达近500万；然后应用该知识图谱解决web日志中异常访问行为识别效果差的实际问题。以某国家网络信息安全科研机构的网络服务器日志为研究对象，对比是否采用知识图谱进行实验：在爬虫行为、域名暴力解析行为、DNS重复解析行为的识别实验中，F₁值分别提高了14.88%、47.23%和91.63%。结果表明，该知识图谱能够有效提高web日志中异常行为识别率。

Knowledge Graph Construction and Application Method for Domain Name System

In order to improve the ability of network DNS server log analysis, the knowledge graph for Domain Name System is proposed and conducted combining a variety of technologies. Firstly, based on some basic principles of domain name resolution, authoritative domain name server, alias resolution, autonomous system, etc., the data collection scheme based on the combination of aiohttp and dig technology is designed, and a corresponding domain knowledge base is built; secondly, based on this knowledge base, a knowledge graph for Domain Name System is designed and constructed, with a node size of nearly 5million; then the knowledge graph is applied to solve the practical problem of poor recognition effect of abnormal access behavior in Web logs. Whether to use knowledge graph for experiments is compared by taking the web server logs of a national network information security research institution as the research object: in the identification experiments of crawler behavior, domain name violent resolution behavior, and DNS repeated resolution behavior, the F1 value increased by 14.88%, 47.23% and 91.63%. The results show that the knowledge graph can effectively improve the recognition rate of abnormal behaviors in web logs.