Entropy study on A resource record DNS query traffic from the campus network (Internet and Operation Technology)
Abstract
We investigated the source IP address (SIP)- and query keyword (QK)-based entropy changes in the A and PTR resource record (RR) based DNS query traffic between the DNS clients and the campus DNS server from January 1st to December 31st, 2008. The results are: (1) Both entropies decrease simultaneously when the targeted attack activity is high. (2) The SIP-based entropy increases while the QK-based one decreases, simultaneously, when the random attack activity is high. (3) The SIP-based entropy decreases while the QK-based one increases, at the same time, when the host search activity is high. Therefore, we can obtain important information about security incidents by observing only the DNS query traffic.
- 2009-02-26
Authors
- TAKEMORI KAZUYA, Faculty of Engineering, Kumamoto University
- Kong Wei, Graduate School of Science and Technology, Kumamoto University
- KUBOTA SHINICHIRO, Center for Multimedia and Information Technologies, Kumamoto University
- SUGITANI KENICHI, Center for Multimedia and Information Technologies, Kumamoto University
- MUSASHI YASUO, Center for Multimedia and Information Technologies, Kumamoto University
- Kong Wei, Graduate School Of Science And Technology Kumamoto University
- Musashi Yasuo, Kumamoto Univ.
- Musashi Yasuo, Graduate School Of Science And Technology Kumamoto University
- Musashi Yasuo, Center For Multimedia And Information Technologies Kumamoto University
- Takemori Kazuya, Faculty Of Engineering Kumamoto University
- Kubota Shinichiro, Center For Multimedia And Information Technologies Kumamoto University
- Sugitani Kenichi, Center For Multimedia And Information Technologies Kumamoto University
- Ludena Romana, Graduate School Of Science And Technology Kumamoto University
- Romana Dennis, Graduate School Of Science And Technology Kumamoto University
- Musashi Yasuo, Center For Multimedia And Information Technologies (cmit) Kumamoto University
- Kubota Shinichiro, Center For Multimedia And Information Technologies (cmit) Kumamoto University
- Sugitani Kenichi, Center For Multimedia And Information Technologies (cmit) Kumamoto University
- LUDENA ROMANA, Graduate School of Science and Technology, Kumamoto University
Related papers
- Entropy study on A resource record DNS query traffic from the campus network (Technology and Society / Ethics)
- Entropy study on A resource record DNS query traffic from the campus network (Internet Architecture)
- Entropy study on A resource record DNS query traffic from the campus network (Internet and Operation Technology)
- Detection of NS resource record DNS resolution traffic, host search, and SSH dictionary attack activities (Information and Communication Management)
- Detection of DNS cache poisoning attack in DNS standard resolution traffic (Information and Communication Management)
- Threats of unusual DNS query traffic from NIS clients (Distributed Systems / Internet Operation Technology)
- Threats of unusual DNS query traffic from NIS clients (Telecommunication Management)
- Workaround for Welchia and Sasser Internet Worms in Kumamoto University
- Statistical Analysis in Log Files of Electronic-Mail Server and Domain Name System Server. SPAM Mail Generates Many DNS Query Packets
- Traffic Analysis on a Domain Name System Server. SMTP Access Generates Many Name-Resolving Packets to a Greater Extent than Does POP3 Access
- DNS based entropy and forensic analysis on the PCs for learners in a university (Information and Communication Management)
- DNS based entropy and forensic analysis on the PCs for learners in a university (Internet and Operation Technology)
- Installation of security policy into Kumamoto University and DNS based detection of security incidents in the campus network (Technology and Society / Ethics)
- Installation of security policy into Kumamoto University and DNS based detection of security incidents in the campus network (Internet Architecture)
- Installation of security policy into Kumamoto University and DNS based detection of security incidents in the campus network (Internet and Operation Technology)
- Detection of DNS Cache Poisoning Attack in DNS Standard Resolution Traffic
- Euclidian- and Cosine-Distances based Detection of Distributed Host Search Attacks
- DNS ANY Request Cannon in Total Inbound ANY Resource Record DNS Query Request Packet Traffic