Detection of DNS Cache Poisoning Attack in DNS Standard Resolution Traffic
Abstract
We statistically investigated the total A resource record (RR) based DNS query request packet traffic from the Internet to the top domain DNS server in a university campus network from January 1st to December 21st, 2010. The results obtained are: (1) We found five DNS Cache Poisoning (DNSCP) attacks by observing a rapid decrease in the unique source IP address based entropy of the DNS query packet traffic and a significant increase in the unique DNS query keyword based entropy. (2) We also found five DNSCP attacks in the score changes of a detection method that uses the restricted Damerau-Levenshtein distance (restricted edit distance) calculated between the observed query keyword and the last one, employing both threshold ranges from 1 to 40. Therefore, it is possible that restricted Damerau-Levenshtein distance based detection technology can detect DNSCP attacks.
- 2011-05-05
Authors
- Musashi Yasuo, Kumamoto Univ.
- Musashi Yasuo, Graduate School of Science and Technology, Kumamoto University
- Musashi Yasuo, Center for Multimedia and Information Technologies, Kumamoto University
- Takemori Kazuya, Faculty of Engineering, Kumamoto University
- Kubota Shinichiro, Center for Multimedia and Information Technologies, Kumamoto University
- Sugitani Kenichi, Center for Multimedia and Information Technologies, Kumamoto University
- Takemori Kazuya, NRI Secure Technologies, Ltd.
- Takemori Kazuya, NRI Secure Technologies Ltd.
- Musashi Yasuo, Center for Multimedia and Information Technologies (CMIT), Kumamoto University
- Kubota Shinichiro, Center for Multimedia and Information Technologies (CMIT), Kumamoto University
- Sugitani Kenichi, Center for Multimedia and Information Technologies (CMIT), Kumamoto University
- Takemori Kazuya, NRI Secure Technologies Ltd.
Related papers
- Entropy study on A resource record DNS query traffic from the campus network (Technology and Society/Ethics)
- Entropy study on A resource record DNS query traffic from the campus network (Internet Architecture)
- Entropy study on A resource record DNS query traffic from the campus network (Internet and Operation Technology)
- Detection of NS resource record DNS resolution traffic, host search, and SSH dictionary attack activities (Information and Communication Management)
- Detection of DNS cache poisoning attack in DNS standard resolution traffic (Information and Communication Management)
- Threats of unusual DNS query traffic from NIS clients (Distributed Systems/Internet Operation Technology)
- Threats of unusual DNS query traffic from NIS clients (Telecommunication Management)
- Workaround for Welchia and Sasser Internet Worms in Kumamoto University
- Statistical Analysis in Log Files of Electronic-Mail Server and Domain Name System Server. SPAM Mail Generates Many DNS Query Packets
- Traffic Analysis on a Domain Name System Server. SMTP Access Generates Many Name-Resolving Packets to a Greater Extent than Does POP3 Access
- DNS based entropy and forensic analysis on the PCs for learners in a university (Information and Communication Management)
- DNS based entropy and forensic analysis on the PCs for learners in a university (Internet and Operation Technology)
- Installation of security policy into Kumamoto University and DNS based detection of security incidents in the campus network (Technology and Society/Ethics)
- Installation of security policy into Kumamoto University and DNS based detection of security incidents in the campus network (Internet Architecture)
- Installation of security policy into Kumamoto University and DNS based detection of security incidents in the campus network (Internet and Operation Technology)
- Detection of DNS Cache Poisoning Attack in DNS Standard Resolution Traffic
- Euclidian- and Cosine-Distances based Detection of Distributed Host Search Attacks
- DNS ANY Request Cannon in Total Inbound ANY Resource Record DNS Query Request Packet Traffic