Euclidian- and Cosine-Distances based Detection of Distributed Host Search Attacks
Abstract
We statistically investigated the total PTR resource record (RR) based DNS query request packet traffic from the Internet to the top domain DNS server in a university campus network from January 1st through December 31st, 2011. The obtained results are: (1) We found twelve host search (HS) attacks in the scores of the detection method that uses the Euclidean distance between the observed IP address and the last observed IP address in the DNS query keywords, employing both threshold ranges of 1.0-2.0 (consecutive) and 150.2-210.4 (random). (2) However, we found nineteen HS attacks in the scores using the cosine distance between the DNS query IP addresses (threshold ranges of 0.75-0.83 and 0.9-1.0). (3) In the newly found HS attacks, we observed that the source IP addresses of the HS attack DNS query packets are distributed. Therefore, it can be concluded that the cosine-distance-based detection technology can detect host search attacks whose source IP addresses are distributed.
- 2012-03-08
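The following is an added worked example, not code from the paper or its authors. It shows the mechanics the abstract describes: recover the queried IPv4 address from each PTR query keyword (the `in-addr.arpa` name), compute the Euclidean and cosine distance between each queried address and the previously observed one, and report what fraction of the pairs falls inside the threshold windows quoted above. The choice to treat an IPv4 address as a four-octet vector, the `host_search_scores` summary, the log-line format and the log lines themselves are assumptions made for this example; the threshold ranges are the ones stated in the abstract. Because the series is built over all sources in arrival order, a walk of an address block that is spread across several scanning hosts still produces the same consecutive-step signature.

```python
"""Added example: Euclidean / cosine distance scores over PTR query keywords.
The IPv4-as-octet-vector representation, the log format and the sample logs
are assumptions of this example, not the paper's definitions."""
import math
import re
from typing import Iterable, List, Optional, Sequence, Tuple

Vec = Tuple[int, int, int, int]

# Threshold windows quoted from the abstract above.
EUCLID_CONSECUTIVE = (1.0, 2.0)
EUCLID_RANDOM = (150.2, 210.4)
COSINE_WINDOWS = ((0.75, 0.83), (0.9, 1.0))

_PTR_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.IGNORECASE
)

# Constructed log lines (not real traffic): "<time> <source IP> PTR <keyword>".
# Four different sources share one consecutive walk of 192.0.2.0/24, so a
# per-source view would see only one or two queries each. The ip6.arpa line
# shows a keyword the parser must skip.
DISTRIBUTED_LOG = """\
2011-06-01T10:00:00 198.51.100.7 PTR 10.2.0.192.in-addr.arpa
2011-06-01T10:00:01 203.0.113.5 PTR 11.2.0.192.in-addr.arpa
2011-06-01T10:00:01 198.51.100.9 PTR 12.2.0.192.in-addr.arpa
2011-06-01T10:00:02 203.0.113.6 PTR 13.2.0.192.in-addr.arpa
2011-06-01T10:00:02 198.51.100.7 PTR 14.2.0.192.in-addr.arpa
2011-06-01T10:00:03 203.0.113.5 PTR 1.0.0.0.ip6.arpa
"""

# Constructed: one source querying addresses that jump by whole octets.
RANDOM_LOG = """\
2011-06-02T03:00:00 192.0.2.200 PTR 1.0.0.10.in-addr.arpa
2011-06-02T03:00:05 192.0.2.200 PTR 1.0.200.10.in-addr.arpa
2011-06-02T03:00:09 192.0.2.200 PTR 1.160.200.10.in-addr.arpa
2011-06-02T03:00:14 192.0.2.200 PTR 1.160.40.10.in-addr.arpa
"""


def keywords_from_log(log: str) -> List[str]:
    """Extract the query keyword of every PTR line, preserving arrival order."""
    out = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[2].upper() == "PTR":
            out.append(fields[3])
    return out


def ptr_keyword_to_vec(qname: str) -> Optional[Vec]:
    """'4.2.0.192.in-addr.arpa' -> (192, 0, 2, 4); None for anything that is
    not a full IPv4 reverse name (ip6.arpa, partial zones, bad octets)."""
    m = _PTR_RE.match(qname.strip())
    if not m:
        return None
    a, b, c, d = (int(g) for g in reversed(m.groups()))
    if max(a, b, c, d) > 255:
        return None
    return (a, b, c, d)


def euclidean(a: Vec, b: Vec) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def cosine_distance(a: Vec, b: Vec) -> float:
    """1 - cos(theta). Octet vectors are non-negative, so the result lies in
    [0, 1]; the all-zero address has no direction and is scored as 1.0."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    if na == 0.0 or nb == 0.0:
        return 1.0
    return 1.0 - max(-1.0, min(1.0, dot / (na * nb)))


def distance_series(qnames: Sequence[str]) -> List[Tuple[float, float]]:
    """(Euclidean, cosine) distance from each queried address to the one
    observed just before it, skipping keywords that are not IPv4 PTR names."""
    vecs = [v for v in (ptr_keyword_to_vec(q) for q in qnames) if v is not None]
    return [(euclidean(p, c), cosine_distance(p, c)) for p, c in zip(vecs, vecs[1:])]


def fraction_in(values: Iterable[float], window: Tuple[float, float]) -> float:
    vals = list(values)
    if not vals:
        return 0.0
    lo, hi = window
    return sum(1 for v in vals if lo <= v <= hi) / len(vals)


def host_search_scores(qnames: Sequence[str]) -> dict:
    """Fraction of consecutive query pairs inside each threshold window."""
    series = distance_series(qnames)
    eu = [e for e, _ in series]
    co = [c for _, c in series]
    return {
        "pairs": len(series),
        "euclid_consecutive": fraction_in(eu, EUCLID_CONSECUTIVE),
        "euclid_random": fraction_in(eu, EUCLID_RANDOM),
        "cosine_window_1": fraction_in(co, COSINE_WINDOWS[0]),
        "cosine_window_2": fraction_in(co, COSINE_WINDOWS[1]),
    }


if __name__ == "__main__":
    for name, log in (("distributed walk", DISTRIBUTED_LOG), ("octet jumps", RANDOM_LOG)):
        print(name, host_search_scores(keywords_from_log(log)))
```

The distributed walk scores 1.0 in the Euclidean consecutive window (every step is exactly one address) even though no single source sends more than two queries; the octet-jump log scores 1.0 in the Euclidean random window and also puts its first pair (10.0.0.1 to 10.200.0.1) into the upper cosine window, since those vectors point in nearly orthogonal directions. A real deployment would compute these fractions per time bin and alert when a bin crosses a threshold, rather than over a whole log at once.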
Authors
-
Musashi Yasuo
Center for Multimedia and Information Technologies (CMIT), Kumamoto University
-
Kubota Shinichiro
Center for Multimedia and Information Technologies (CMIT), Kumamoto University
-
Sugitani Kenichi
Center for Multimedia and Information Technologies (CMIT), Kumamoto University
-
Romana Dennis
Human Resource Center for Innovation, Kumamoto University
-
Dobayashi Satoshi
Department of Computer Science and Electrical Engineering, Faculty of Engineering, Kumamoto University
-
Ludena Romana
Human Resource Center for Innovation, Kumamoto University
Related papers
- Entropy study on A resource record DNS query traffic from the campus network (Technology and Society, Ethics)
- Entropy study on A resource record DNS query traffic from the campus network (Internet Architecture)
- Entropy study on A resource record DNS query traffic from the campus network (Internet and Operation Technology)
- Detection of NS resource record DNS resolution traffic, host search, and SSH dictionary attack activities (Information and Communication Management)
- Threats of unusual DNS query traffic from NIS clients (Distributed Systems / Internet Operation Technology)
- Threats of unusual DNS query traffic from NIS clients (Telecommunication Management)
- Workaround for Welchia and Sasser Internet Worms in Kumamoto University
- Statistical Analysis in Log Files of Electronic-Mail Server and Domain Name System Server. SPAM Mail Generates Many DNS Query Packets
- Traffic Analysis on a Domain Name System Server. SMTP Access Generates Many Name-Resolving Packets to a Greater Extent than Does POP3 Access
- DNS based entropy and forensic analysis on the PCs for learners in a university (Information and Communication Management)
- DNS based entropy and forensic analysis on the PCs for learners in a university (Internet and Operation Technology)
- Installation of security policy into Kumamoto University and DNS based detection of security incidents in the campus network (Technology and Society, Ethics)
- Installation of security policy into Kumamoto University and DNS based detection of security incidents in the campus network (Internet Architecture)
- Installation of security policy into Kumamoto University and DNS based detection of security incidents in the campus network (Internet and Operation Technology)
- Detection of DNS Cache Poisoning Attack in DNS Standard Resolution Traffic
- Euclidian- and Cosine-Distances based Detection of Distributed Host Search Attacks
- DNS ANY Request Cannon in Total Inbound ANY Resource Record DNS Query Request Packet Traffic