Finding Malicious Authoritative DNS Servers
Abstract
This study proposes an approach to find authoritative DNS servers that are heavily involved with malicious online activities. For example, in order to construct a fast flux network, attackers need to have full control of authoritative DNS servers so that they can abuse their round robin feature. These DNS servers may have been set up by the attackers themselves, or they may be legitimate servers compromised and misused by the attackers. Either way, we believe that focusing on such maliciously used authoritative DNS servers can be a new aspect for understanding the underlying malicious online activities. In this study, we consider four features, the fraction of blacklisted domains, Server Fail response history, the TTL of the DNS server's domain, and domain flux size, to evaluate an authoritative DNS server. Using these features, we evaluate 74,830 authoritative DNS servers of domains observed at a cache DNS server. As a result, we determine 31, 15, and 85 servers as malicious, respectively, using the fraction of blacklisted domains, the TTL of the DNS server's domain, and domain flux. We confirm that 21% of the detected servers are true positives according to several published security reports, exhibiting the possibility of these features as metrics to find malicious DNS servers.
- 2013-03-18
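As an added illustration of the four features named in the abstract (not code from the paper), the following Python aggregates constructed observation rows per authoritative server and flags servers against assumed thresholds. The thresholds, the reading of domain flux size as the number of distinct domains served by one server, and all sample rows are assumptions.

```python
from collections import defaultdict

# Constructed sample observations (not data from the paper): one row per domain
# seen at the cache resolver, as (domain, authoritative NS host, TTL of the NS
# host's own A record in seconds, domain blacklisted?, SERVFAIL responses seen).
OBSERVATIONS = [
    ("shop.example", "ns1.good-hoster.example", 86400, False, 0),
    ("news.example", "ns1.good-hoster.example", 86400, False, 1),
    ("blog.example", "ns1.good-hoster.example", 86400, False, 0),
    ("a1b2c3.example", "ns.flux.example", 60, True, 3),
    ("d4e5f6.example", "ns.flux.example", 60, True, 2),
    ("g7h8i9.example", "ns.flux.example", 60, False, 4),
    ("j0k1l2.example", "ns.flux.example", 60, True, 0),
]

def server_features(observations):
    """Per authoritative server: blacklist fraction, SERVFAIL history,
    TTL of the server's own domain, and flux size (distinct domains served)."""
    grouped = defaultdict(list)
    for dom, ns, ttl, bl, sf in observations:
        grouped[ns].append((dom, ttl, bl, sf))
    feats = {}
    for ns, rows in grouped.items():
        n = len(rows)
        feats[ns] = {
            "blacklist_fraction": sum(1 for _, _, bl, _ in rows if bl) / n,
            "servfail_total": sum(sf for _, _, _, sf in rows),
            "ns_ttl": min(ttl for _, ttl, _, _ in rows),  # lowest TTL observed
            "flux_size": len({dom for dom, _, _, _ in rows}),
        }
    return feats

# Assumed thresholds (the abstract reports none); tune against labelled data.
THRESHOLDS = {"blacklist_fraction": 0.5, "ns_ttl": 300, "flux_size": 4}

def flag_servers(features, thresholds=THRESHOLDS):
    """Return {ns: [feature names that crossed their threshold]}."""
    flagged = {}
    for ns, f in features.items():
        hits = []
        if f["blacklist_fraction"] >= thresholds["blacklist_fraction"]:
            hits.append("blacklist_fraction")
        if f["ns_ttl"] <= thresholds["ns_ttl"]:  # short TTL: fast-flux indicator
            hits.append("ns_ttl")
        if f["flux_size"] >= thresholds["flux_size"]:
            hits.append("flux_size")
        if hits:
            flagged[ns] = hits
    return flagged
```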
Authors
-
Matsumoto Tsutomu
Graduate School of Environment and Information Sciences, Yokohama National University
-
Matsumoto Tsutomu
Graduate School of Engineering, Yokohama National University; Graduate School of Environment and Infor
-
YOSHIOKA Katsunari
Graduate School of Environment and Information Sciences, Yokohama National University
-
Pa Yin
Graduate School of Environment and Information Sciences, Yokohama National University
-
MAKITA Daisuke
Graduate School of Environment and Information Sciences, Yokohama National University
Related papers
- Unconditionally Secure Group Signatures
- Interaction Key Generation Schemes (Protocol) (Cryptography and Information Security)
- Unconditionally Secure Authenticated Encryption(Discrete Mathematics and Its Applications)
- A Distributed User Revocation Scheme for Ad-Hoc Networks(Advances in Ad Hoc Mobile Communications and Networking)
- How to Maximize the Potential of FPGA-Based DSPs for Modular Exponentiation
- A Design Methodology for a DPA-Resistant Circuit with RSL Techniques
- How to Decide Selection Functions for Power Analysis : From the Viewpoint of Hardware Architecture of Block Ciphers
- Collusion Secure Codes : Systematic Security Definitions and Their Relations(Discrete Mathematics and Its Applications)
- Clone Match Rate Evaluation for an Artifact-metric System (Special Issue: Computer Security Technologies Confronting New Threats)
- Detection-Resistant Steganography for Standard MIDI Files (Information Security)
- An Evaluation Method of Time Stamping Schemes from Viewpoints of Integrity, Cost and Availability(Special Section on Cryptography and Information Security)
- An Artifact-metric System Which Utilizes Inherent Texture (Special Issue: Computer Security Technologies for the 21st Century)
- Random-Error-Resilient Tracing Algorithm for a Collusion-Secure Fingerprinting Code (Special Issue: Computer Security Technologies for the Electronic Society)
- A Flexible Tree-Based Key Management Framework(Special Section on Cryptography and Information Security)
- Information-Flow-Based Access Control for Web Browsers
- Multiparty DSA Signature Generation without Simultaneous User Operations(Application Information Security)
- Random-Error Resilience of a Short Collusion-Secure Code
- An Evaluation Method for a Magnetic Artifact-metric System (Special Issue: Computer Security Technologies for the Electronic Society)
- A Scheme of Secret Communication Using Internet Control Message Protocol(Special Section on Cryptography and Information Security)
- On Applicability of Differential Cryptanalysis, Linear Cryptanalysis and Mod n Cryptanalysis to an Encryption Algorithm M8 (ISO9979-20) (Special Issue: Computer Security Technologies for the 21st Century)
- A proper security analysis method for CMOS cryptographic circuits
- Finding Malicious Authoritative DNS Servers