MFRdnsI: A DNS Recursive Server Identification and Classification Method Based on Deep Learning

The Internet and domain name infrastructure are developing rapidly. The amount of domain name registration and system deployment scale of the domain name system continue to grow. The security and stable operation of the domain name system is a necessary for the stable running of the Internet. It is necessary to monitor the security status of important network elements such as the recursive server of the domain name system. In the work of Internet recursive server identification, the active detection method often has some problems. A lot of recursive server refuse to reply to foreign requester and some internet areas are unreachable to the probers. This paper proposes a recursive server identification method based on deep learning called MFRdnsI, which analysis the traffic direction characteristics, traffic statistics features and protocol field features in the DNS resolving records and uses multi-layer perceptron for automatic learning of multidimensional features. The experimental results show that MFRdnsI can effectively identify and classify the recursive server IP in the resolving logs and has high accuracy and low false positive rate.