| IEICE Technical Committee Submission System Conference Paper's Information |
Online Proceedings [Sign in] Tech. Rep. Archives |
| Go Top Page | Go Previous | [Japanese] / [English] |
| Paper Abstract and Keywords | ||
| Presentation | 2013-03-25 13:00 Finding Malicious Authoritative DNS Servers Yin Minn Pa Pa, Daisuke Makita, Katsunari Yoshioka, Tsutomu Matsumoto (Yokohama National Univ.)  ICSS2012-61 |
|
| Abstract | (in Japanese) | (See Japanese page) |
| (in English) | This study proposes an approach to find authoritative DNS servers that are heavily involved with malicious online activities. For example, in order to construct a fast flux network, attackers need to have full control on authoritative DNS servers so that he or she can abuse on their round robin feature. These DNS servers may have been setup by attackers themselves or they may be legitimate servers compromised and misused by the attackers. Either way, we believe that focusing on such maliciously used authoritative DNS servers can be a new aspect for understanding the underlying malicious online activities. In this study, we consider four features, fraction of blacklisted domains, Server Fail response history, TTL of DNS server’s domain, and domain flux size, to evaluate an authoritative DNS server. Using these features, we evaluate 74,830 authoritative DNS servers of domains observed at a cache DNS server. As a result, we determine 31, 15, and 85 servers as malicious, respectively using fraction of blacklisted domains, TTL of DNS server’s domain, and domain flux. We confirm that 21% of the detected servers are true positive according to several published security reports exhibiting the possibility of these features as metric to find malicious DNS servers. |
|
| Keyword | (in Japanese) | (See Japanese page) |
| (in English) | Malicious Authoritative DNS Server / / / / / / / | |
| Reference Info. | IEICE Tech. Rep., vol. 112, no. 499, ICSS2012-61, pp. 25-30, March 2013. | |
| Paper # | ICSS2012-61 | |
| Date of Issue | 2013-03-18 (ICSS) | |
| ISSN | Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 | |
| Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) | |
| Download PDF | ICSS2012-61 |
|
| Conference Information | |
| Committee | ICSS |
| Conference Date | 2013-03-25 - 2013-03-25 |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Yokohama National University |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Communication Security, etc. |
| Paper Information | |
| Registration To | ICSS |
| Conference Code | 2013-03-ICSS |
| Language | English |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Finding Malicious Authoritative DNS Servers |
| Sub Title (in English) | |
| Keyword(1) | Malicious Authoritative DNS Server |
| Keyword(2) | |
| Keyword(3) | |
| Keyword(4) | |
| Keyword(5) | |
| Keyword(6) | |
| Keyword(7) | |
| Keyword(8) | |
| 1st Author's Name | Yin Minn Pa Pa |
| 1st Author's Affiliation | Yokohama National University (Yokohama National Univ.) |
| 2nd Author's Name | Daisuke Makita |
| 2nd Author's Affiliation | Yokohama National University (Yokohama National Univ.) |
| 3rd Author's Name | Katsunari Yoshioka |
| 3rd Author's Affiliation | Yokohama National University (Yokohama National Univ.) |
| 4th Author's Name | Tsutomu Matsumoto |
| 4th Author's Affiliation | Yokohama National University (Yokohama National Univ.) |
| 5th Author's Name | |
| 5th Author's Affiliation | () |
| 6th Author's Name | |
| 6th Author's Affiliation | () |
| 7th Author's Name | |
| 7th Author's Affiliation | () |
| 8th Author's Name | |
| 8th Author's Affiliation | () |
| 9th Author's Name | |
| 9th Author's Affiliation | () |
| 10th Author's Name | |
| 10th Author's Affiliation | () |
| 11th Author's Name | |
| 11th Author's Affiliation | () |
| 12th Author's Name | |
| 12th Author's Affiliation | () |
| 13th Author's Name | |
| 13th Author's Affiliation | () |
| 14th Author's Name | |
| 14th Author's Affiliation | () |
| 15th Author's Name | |
| 15th Author's Affiliation | () |
| 16th Author's Name | |
| 16th Author's Affiliation | () |
| 17th Author's Name | |
| 17th Author's Affiliation | () |
| 18th Author's Name | |
| 18th Author's Affiliation | () |
| Speaker | Author-1 |
| Date Time | 2013-03-25 13:00:00 |
| Presentation Time | 25 minutes |
| Registration for | ICSS |
| Paper # | ICSS2012-61 |
| Volume (vol) | vol.112 |
| Number (no) | no.499 |
| Page | pp.25-30 |
| #Pages | 6 |
| Date of Issue | 2013-03-18 (ICSS) |
[Return to Top Page]