WEKO3
-
RootNode
アイテム
Detection of the DNS Water Torture Attack by Analyzing Features of the Subdomain Name
https://ipsj.ixsq.nii.ac.jp/records/174663
https://ipsj.ixsq.nii.ac.jp/records/1746630f5c7682-064f-4787-ae84-47f68f564807
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL5709012.pdf (677.9 kB)
|
Copyright (c) 2016 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2016-09-15 | |||||||||||||||
| タイトル | ||||||||||||||||
| タイトル | Detection of the DNS Water Torture Attack by Analyzing Features of the Subdomain Name | |||||||||||||||
| タイトル | ||||||||||||||||
| 言語 | en | |||||||||||||||
| タイトル | Detection of the DNS Water Torture Attack by Analyzing Features of the Subdomain Name | |||||||||||||||
| 言語 | ||||||||||||||||
| 言語 | eng | |||||||||||||||
| キーワード | ||||||||||||||||
| 主題Scheme | Other | |||||||||||||||
| 主題 | [特集:社会の変革に挑戦するセキュリティ技術とプライバシー保護技術] DNS, DDoS, DNS Water Torture, Anomaly Detection, Naive Bayes Classifier | |||||||||||||||
| 資源タイプ | ||||||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||||
| 資源タイプ | journal article | |||||||||||||||
| 著者所属 | ||||||||||||||||
| Faculty of Engineering, Toyohashi University of Technology | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Faculty of Engineering, Toyohashi University of Technology | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Faculty of Engineering, Toyohashi University of Technology | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Internet Initiative Japan Inc. | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| ComWorth Co., Ltd. | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Faculty of Engineering, Toyohashi University of Technology | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Faculty of Engineering, Toyohashi University of Technology | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Faculty of Engineering, Toyohashi University of Technology | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Internet Initiative Japan Inc. | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| ComWorth Co., Ltd. | ||||||||||||||||
| 著者名 |
Yuya, Takeuchi
× Yuya, Takeuchi
× Takuro, Yoshida
× Ryotaro, Kobayashi
× Masahiko, Kato
× Hiroyuki, Kishimoto
|
|||||||||||||||
| 著者名(英) |
Yuya, Takeuchi
× Yuya, Takeuchi
× Takuro, Yoshida
× Ryotaro, Kobayashi
× Masahiko, Kato
× Hiroyuki, Kishimoto
|
|||||||||||||||
| 論文抄録 | ||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||
| 内容記述 | The Domain Name System (DNS), whose major function is to manage associations between domain names and IP addresses, plays a major role in managing the Internet. Thus, a DNS impairment would significantly impact society. A major cause of DNS impairment is Distributed Denial of Service (DDoS) attack on authoritative DNS servers. Our study focuses on the recently emerging DDoS attack known as the DNS Water Torture Attack. This attack causes open resolvers, which are improperly configured cache DNS servers that accept requests from both LAN and WAN, to send many queries to resolve domains managed by target servers. Domain names for resolving sent in this attack include varying random subdomains. Cache servers certainly will not have cached data for these queries, and so a huge volume of queries converges to the target authoritative servers via cache servers. In this paper, we propose a detection method for this attack using the Naive Bayes Classifier. Experimental results show that our method is capable of detecting this attack with a 95.59% detection rate. Moreover, the results of performance simulation show that our method is fast enough to process more than 2.3Gbps of traffic on the fly. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.24(2016) No.5 (online) DOI http://dx.doi.org/10.2197/ipsjjip.24.793 ------------------------------ |
|||||||||||||||
| 論文抄録(英) | ||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||
| 内容記述 | The Domain Name System (DNS), whose major function is to manage associations between domain names and IP addresses, plays a major role in managing the Internet. Thus, a DNS impairment would significantly impact society. A major cause of DNS impairment is Distributed Denial of Service (DDoS) attack on authoritative DNS servers. Our study focuses on the recently emerging DDoS attack known as the DNS Water Torture Attack. This attack causes open resolvers, which are improperly configured cache DNS servers that accept requests from both LAN and WAN, to send many queries to resolve domains managed by target servers. Domain names for resolving sent in this attack include varying random subdomains. Cache servers certainly will not have cached data for these queries, and so a huge volume of queries converges to the target authoritative servers via cache servers. In this paper, we propose a detection method for this attack using the Naive Bayes Classifier. Experimental results show that our method is capable of detecting this attack with a 95.59% detection rate. Moreover, the results of performance simulation show that our method is fast enough to process more than 2.3Gbps of traffic on the fly. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.24(2016) No.5 (online) DOI http://dx.doi.org/10.2197/ipsjjip.24.793 ------------------------------ |
|||||||||||||||
| 書誌レコードID | ||||||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||||||
| 収録物識別子 | AN00116647 | |||||||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 57, 号 9, 発行日 2016-09-15 |
|||||||||||||||
| ISSN | ||||||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||||||
