SFCSD: A Self-Feedback Correction System for DNS Based on Active and Passive Measurement.

Domain Name System (DNS), one of the important infrastructure in the Internet, was vulnerable to attacks, for the DNS designer didnu0027t take security issues into consideration at the beginning. The defects of DNS may lead to usersu0027 failure of access to the websites, whatu0027s worse, users might suffer a huge economic loss. In order to correct the DNS wrong resource records, we propose a Self-Feedback Correction System for DNS (SFCSD), which can find and track a large number of common websitesu0027 domain name and IP address correct correspondences to provide users with a real-time auto-updated correct (IP, Domain) binary tuple list. By matching specific strings with SSL, DNS and HTTP traffic passively, filtering with the CDN CNAME and non-homepage URL feature strings, verifying with webpage fingerprint algorithm, SFCSD obtains a large number of highly possibly correct IP addresses to make an active manual correction in the end. Its self-feedback mechanism can expand search range and improve performance. Experiments show that, SFCSD can achieve 94.3% precision and 93.07% recall rate with the optimal threshold selection in the test dataset. It has 8Gbps processing speed stand-alone to find almost 1000 possibly correct (IP, Domain) per day for the each specific string and to correct almost 200.