Investigating DNS traffic anomalies for malicious activities
| Autor: | Fyodor Yarochkin, Yennun Huang, Vladimir Kropotov, Sy-Yen Kuo, Guo-Kai Ni, Ing-Yi Chen |
|---|---|
| Rok vydání: | 2013 |
| Předmět: |
Name server
business.industry Computer science Domain Name System ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS Botnet Round-robin DNS Computer security computer.software_genre Internet security ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS The Internet DNS spoofing DNS hijacking business computer Computer network |
| Zdroj: | DSN Workshops |
| DOI: | 10.1109/dsnw.2013.6615506 |
| Popis: | The Domain Name System (DNS) is one of the critical components of modern Internet networking. Proper Internet functions (such as mail delivery, web browsing and so on) are typically not possible without the use of DNS. However with the growth and commercialization of global networking, this protocol is often abused for malicious purposes which negatively impacts the security of Internet users. In this paper we perform security data analysis of DNS traffic at large scale for a prolonged period of time. In order to do this, we developed DNSPacketlizer, a DNS traffic analysis tool and deployed it at a mid-scale Internet Service Provider (ISP) for a period of six months. The findings presented in this paper demonstrate persistent abuse of the protocol by Botnet herders and antivirus software vendors for covert communication. Other suspicious or potentially malicious activities in DNS traffic are also discussed. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|