Role Identification of Domain Name Server Using Machine Learning based on DNS Response Features
Autor: | Hui Zhang, Bingjie Wei, Hailing Li, Longtao He, Chenghai He, Kai Zhang |
---|---|
Rok vydání: | 2020 |
Předmět: |
User information
Name server Security analysis business.industry Computer science Domain Name System ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS 030206 dentistry 010501 environmental sciences Machine learning computer.software_genre 01 natural sciences 03 medical and health sciences Identification (information) 0302 clinical medicine Server Header The Internet Artificial intelligence business computer 0105 earth and related environmental sciences |
Zdroj: | ICISS |
Popis: | The Domain Name System (DNS) plays an important role in the Internet by mapping domains to IP addresses. Numerous authoritative name servers and recursive resolvers form the DNS service infrastructure. Accurate identifying the role of the DNS server is of great importance for understanding the DNS infrastructure and performing security analysis. Previous research has proposed some methods for DNS server identification. Most of them are active methods which bring additional bandwidth and security risks; the non-negligible complex configuration of DNS servers in the actual network makes the results of passive approach using the DNS message header fields "AA" and "RA" unsatisfactory. This paper proposes a machine learning method to classify the typical role of the DNS server in a passive manner. Classifiers are trained by three categories of features extracted solely from passive DNS response records (removing the user information) and the experiment results show that the proposed method can achieve high accurate and low false positive rate. |
Databáze: | OpenAIRE |
Externí odkaz: |