| Presentation | 2015-03-06 Analysis of direct outbound queries in DNS and consideration of malicious traffic detection method Hikaru ICHISE, Yong JIN, Katsuyoshi IIDA, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Direct outbound DNS queries from inside PCs to outside computers without any authority information are not considered as normal behaviors in DNS protocol and one of the possible reasons of such queries is that the inside PCs are infected by some kind of bot program in which the IP addresses of the unknown outside computers are hard-coded. Thus it is possible to effectively detect botnet communications by catching such abnormal direct outbound DNS queries. In this paper, we discuss the possibility of detecting botnet communications as well as malicious traffics by analyzing the direct outbound DNS queries that are not using the DNS resolvers of the organizations. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Botnet / Direct outbound query / DNS / Malicious traffic |
| Paper # | SITE2014-74,IA2014-106 |
| Date of Issue |
| Conference Information | |
| Committee | SITE |
|---|---|
| Conference Date | 2015/2/26(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Social Implications of Technology and Information Ethics (SITE) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Analysis of direct outbound queries in DNS and consideration of malicious traffic detection method |
| Sub Title (in English) | |
| Keyword(1) | Botnet |
| Keyword(2) | Direct outbound query |
| Keyword(3) | DNS |
| Keyword(4) | Malicious traffic |
| 1st Author's Name | Hikaru ICHISE |
| 1st Author's Affiliation | Technical Department, Tokyo Institute of Technology() |
| 2nd Author's Name | Yong JIN |
| 2nd Author's Affiliation | Global Scientific Information and Computing Center, Tokyo Institute of Technology |
| 3rd Author's Name | Katsuyoshi IIDA |
| 3rd Author's Affiliation | Global Scientific Information and Computing Center, Tokyo Institute of Technology |
| Date | 2015-03-06 |
| Paper # | SITE2014-74,IA2014-106 |
| Volume (vol) | vol.114 |
| Number (no) | 494 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |