Search

Your search keyword '"Domain Name System"' showing total 2,647 results
Start Over Descriptor "Domain Name System"
2,647 results on '"Domain Name System"'

3. Securing DNS over HTTPS traffic: a real-time analysis tool.

Author

Eddine, Abid Dhiya and Abdelkader, Ghazli

Subjects
HTTP (Computer network protocol), ARTIFICIAL intelligence, MACHINE learning, ALGORITHMS, SUPPORT vector machines
Abstract

DNS over HTTPS (DoH) is a developing protocol that uses encryption to secure domain name system (DNS) queries within hypertext transfer protocol secure (HTTPS) connections, thereby improving privacy and security while browsing the web. This study involved the development of a live tool that captures and analyzes DoH traffic in order to classify it as either benign or malicious. We employed machine learning (ML) algorithms such as K-nearest neighbors (K-NN), random forest (RF), decision tree (DT), deep neural network (DNN), and support vector machine (SVM) to categorize the data. All of the algorithms, namely KNN, RF, and DT, achieved exceptional performance, with F1 scores of 1.0 or above for both precision and recall. The SVM and DNN both achieved exceptionally high scores, with only slight differences in accuracy. This tool employs a voting mechanism to arrive at a definitive classification decision. By integrating with the Mallory tool, it becomes possible to locally resolve DNS, which in turn allows for more accurate simulation of DoH queries. The evaluation results clearly indicate outstanding performance, confirming the tool's effectiveness in analyzing DoH traffic for network security and threat detection purposes. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

4. 基于Sketch 的重要DNS查询缓存方法.

Author

郝逸航, 刘紫千, 常力元, 佟欣哲, 杨成, 孙琦, and 郭俊言

Abstract

Copyright of Chinese Journal of Network & Information Security is the property of Beijing Xintong Media Co., Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published
2024
Full Text
View/download PDF

5. 递归-权威侧部署加密DNS协议的隐私 收益评估方法及测量分析.

Author

段丽莹, 李瑞烜, 刘西蒙, 邵俊, and 刘保君

Abstract

Copyright of Chinese Journal of Network & Information Security is the property of Beijing Xintong Media Co., Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published
2024
Full Text
View/download PDF

6. 基于动态域名水印的IPv6 DNS服务发现方法.

Author

韩丁康, 朱宇佳, 赵蕾, 焦亮, and 刘庆云

Abstract

Copyright of Chinese Journal of Network & Information Security is the property of Beijing Xintong Media Co., Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published
2024
Full Text
View/download PDF

7. MIS: A Multi-Identifier Management and Resolution System in the Metaverse.

Author

Wang, Han, Li, Hui, Smahi, Abla, Zhao, Feng, Yao, Yao, Chan, Ching Chuen, Wang, Shiyu, Yang, Wenyuan, and Li, Shuo-Yen Robert

Subjects
SHARED virtual environments, INTERNET domain naming system, VIRTUAL machine systems, ACCESS control, VIRTUAL reality, CLOUD computing
Abstract

The metaverse gradually evolves into a virtual world containing a series of interconnected sub-metaverses. Diverse digital resources, including identities, contents, services, and supporting data, are key components of the sub-metaverse. Therefore, a Domain Name System (DNS)-like system is necessary for efficient management and resolution. However, the legacy DNS was designed with security vulnerabilities and trust risks due to centralized issues. Blockchain is used to mitigate these concerns due to its decentralized features. Additionally, it supports identity management as a default feature, making it a natural fit for the metaverse. While there are several DNS alternatives based on the blockchain, they either manage only a single type of identifiers or isolate identities from other sorts of identifiers, making it difficult for sub-metaverses to coexist and connect with each other. This article proposes a Multi-Identifier management and resolution System (MIS) in the metaverse, supporting the registration, resolution, and inter-translation functions. The basic MIS is portrayed as a four-tier architecture on a consortium blockchain due to its manageability, enhanced security, and efficiency properties. On-chain data is lightweight and compressed to save on storage while accelerating reading and writing operations. The resource data is encrypted based on the attributes of the sub-metaverse in the storage tier for privacy protection and access control. For users with decentralization priorities, a modification named EMIS is built on top of Ethereum. Finally, MIS is implemented on two testbeds and is available online as the open-source system. The first testbed consists of 4 physical servers located in the UK and Malaysia while the second is made up of 200 virtual machines (VMs) spread over 26 countries across all 5 continents on Google Cloud. Experiments indicate that MIS provides efficient reading and writing performance than the legacy DNS and other public blockchain-based workarounds including EMIS and Ethereum Name Service (ENS). [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

9. A Perception System for DNS Root Service Status Based on Active and Passive Monitoring

Author

Dong, Guozhong, Guo, Hao, Wu, Hualong, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Zhang, Wenjie, editor, Tung, Anthony, editor, Zheng, Zhonglong, editor, Yang, Zhengyi, editor, Wang, Xiaoyang, editor, and Guo, Hongjie, editor

Published
2024
Full Text
View/download PDF

10. Post-Quantum Signatures in DNSSEC via Request-Based Fragmentation

Author

Goertzen, Jason, Stebila, Douglas, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Johansson, Thomas, editor, and Smith-Tone, Daniel, editor

Published
2023
Full Text
View/download PDF

11. Unsupervised Anomaly Detection Method Based on DNS Log Data

Author

Jiarong, Wang, Zhongtian, Liang, Fazhi, Qi, Tian, Yan, Jiahao, Liu, Caiqiu, Zhou, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Zhang, Junjie James, Series Editor, Wang, Wei, editor, Mu, Jiasong, editor, Liu, Xin, editor, and Na, Zhenyu, editor

Published
2023
Full Text
View/download PDF

13. Research of distributed performance testing and monitoring system for DNS based on Promethus

Author

Huang Bing, Wu Yunfeng, Zhang Kaixin, Han Qingmin, Zhang Jiufa, and Chai Chuchu

Subjects
performance test, domain name system, promethus, Electronics, TK7800-8360
Abstract

Domain name resolution service is the entrance for Internet access and traffic scheduling, therefore the performance of the Domain Name System (DNS) directly affects the user access experience. Based on the Promethus time series database, this paper designs and implements a distributed automatic test and monitoring system for response performance of domain name system. This system can only not test the multi-node distbuted DNS performance of the self-developed DNS system, but also monitor the operation in a time series mode for a long time,and monitor DNS service performance visually in real time.

Published
2023
Full Text
View/download PDF

14. Advancing DNS Performance Through an Adaptive Transport Layer Security Model (ad-TLSM).

Author

Ohwo, Onome B., Ayankoya, Folasade Y., Ajayi, Oluwabukola F., and Alao, Daniel O.

Subjects
SECURE Sockets Layer (Computer network protocol), INTERNET domain naming system, PROFESSIONAL-client communication
Abstract

The present study endeavors to enhance DNS over TLS performance via the development of an Adaptive Transport Layer Security Model (ad-TLSM). DNS over TLS, which employs TLS encryption to safeguard communication between clients and DNS recursive resolvers, suffers from performance issues that pose significant challenges. In response to these issues, the ad-TLSM has been designed to boost DNS performance by integrating a monitoring mechanism for real-time observation of the DNS recursive resolver. During the TLS handshake, crucial data, including throughput, CPU load, and the active cryptographic algorithm, are meticulously monitored and documented. This data forms the foundation for an adaptive strategy, which facilitates intelligent security adaptation during runtime, based on the prevailing conditions between the client and the server at the time of secure connection establishment. The performance evaluation of the ad-TLSM demonstrated that the DNS recursive resolver experiences excessive load while employing AES-GCM 256. However, it was found capable of managing an additional 15%-25% requests per second when ChaCha20 was implemented. These findings led to the formation of an adaptive strategy that effectively alleviates CPU load by adjusting the security level, thereby ameliorating the overall performance. In summary, the ad-TLSM surpasses existing models in latency performance and can be employed to improve performance, while satisfying quality of service constraints. This research represents a significant step towards the development of more efficient and secure DNS services. [ABSTRACT FROM AUTHOR]

Published
2023
Full Text
View/download PDF

15. Domain Name Management Architecture Based on Blockchain

Author

Ma, Zhenjiang, Qi, Feng, Li, Wenjing, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Hirche, Sandra, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Möller, Sebastian, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Zhang, Junjie James, Series Editor, Sun, Songlin, editor, Hong, Tao, editor, Yu, Peng, editor, and Zou, Jiaqi, editor

Published
2022
Full Text
View/download PDF

16. A survey on DNS attack detection and security protection

Author

Jianwu ZHANG, Yanjun AN, and Huangyan DENG

Subjects
domain name system, DNS attack detection, security protection, machine learning, Telecommunication, TK5101-6720, Technology
Abstract

With the gradual evolution of the traditional Internet to “Internet+”, the domain name system (DNS) had been continuously expanding from basic address resolution to new models such as comprehensive perception and reliable transmission.Due to the diverse functions and the extensive coverage of DNS in the new scenario, it will cause serious consequences once attacked.Therefore, the research on DNS attack detection and security protection continues and attracts more and more attention.Firstly, several common DNS attacks were introduced, including DNS spoofing, DNS covert channel, DNS distributed denial of service (DDoS) attack, DNS reflection amplification attacks, and malicious DGA domain names.Subsequently, these DNS attack detection technologies were systematically analyzed and summarized from the machine learning perspective.Then, the DNS security protection technologies were sorted out in decentralization, authenticated encryption and limited resolution.Finally, some future research directions were proposed.

Published
2022
Full Text
View/download PDF

17. A Concise History of the Internet—II.

Author

Rajaraman, V.

Subjects
INTERNET governance, INTERNET domain naming system, INTERNET, SUPERCOMPUTERS
Abstract

In this part, I describe how CSNET started in 1981 with funding from the National Science Foundation (NSF) of the US government and the formation of the Merit network and BIT-NET. Following this, I discuss the formation of the NSFnet in 1986 connecting the supercomputer centres set up by the NSF in the US and its expansion by connecting it to the ARPANET, CSNET, Merit, and regional networks. I then trace the steady improvement of the speed of the NSF net and its gradual privatization and the emergence of the worldwide Internet. I then describe the evolution of the Domain Name System and the consequences of the rapid expansion of the Internet. The article concludes with issues of governance of the Internet which has now become an essential infrastructure of our World. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

18. A Review: How to Detect Malicious Domains

Author

Li, Kang, Yu, Xiangzhan, Wang, Jiujin, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Sun, Xingming, editor, Zhang, Xiaorui, editor, Xia, Zhihua, editor, and Bertino, Elisa, editor

Published
2021
Full Text
View/download PDF

20. A Comprehensive Study of DNS Operational Issues by Mining DNS Forums

Author

Xianran Liao, Jiacen Xu, Qifan Zhang, and Zhou Li

Subjects
Domain name system, forum mining, clustering, operational issues, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Domain Name System (DNS) is a fundamental component for today’s Internet communications, enabling the domain-to-IP translations for billions of users and numerous applications. Yet, the operational failures of DNS are not rare and sometimes lead to severe consequences like Internet outages. To gain a better understanding of DNS operational failures, previous works examined large-scale DNS logs (DNS queries and responses between Internet users and DNS servers), but the DNS logs cannot offer a comprehensive view of the failures (e.g., errors at domain registrars) and explain the failures at a finer grain. In this paper, we try to assess DNS operational failures from another data source, the supporting forums built by DNS service providers. Specifically, we mined 4 DNS forums and crawled more than 10000 posts and 50000 replies. With a new analysis framework developed by us, we are able to tag the forum posts by different categories (e.g., general concerns, issue locations, and record types), and gain new insights regarding how and why users encounter DNS failures. In the end, we offer suggestions to DNS service providers and users to mitigate DNS operational issues.

Published
2022
Full Text
View/download PDF

21. Preventing man-in-the-middle attacks in DNS through certificate less signature

Author

HU Yang, HAN Zengjie, YE Guohua and YAO Zhiqiang

Subjects
domain name system, man-in-the-middle attacks, certificate less signature, Electronic computers. Computer science, QA75.5-76.95
Abstract

Aiming at resisting the man-in-the-middle attacks in the domain name system protocol, a lightweight solution was proposed. The scheme introduced certificate less signature algorithm, removed the difficult-to-deploy trust chain to improve the efficiency and security of authentication. By using symmetric encryption technology, the proposed solution ensured the confidentiality of the message and increase the attack difficulty. The theoretical analysis proved the proposed scheme can resist common man-in-the-middle attacks. Experimental comparison results show the scheme has better performance than similar schemes.

Published
2021
Full Text
View/download PDF

22. Preventing man-in-the-middle attacks in DNS through certificate less signature

Author

Yang HU, Zengjie HAN, Guohua YE, and Zhiqiang YAO

Subjects
domain name system, man-in-the-middle attacks, certificate less signature, Electronic computers. Computer science, QA75.5-76.95
Abstract

Aiming at resisting the man-in-the-middle attacks in the domain name system protocol, a lightweight solution was proposed.The scheme introduced certificate less signature algorithm, removed the difficult-to-deploy trust chain to improve the efficiency and security of authentication.By using symmetric encryption technology, the proposed solution ensured the confidentiality of the message and increase the attack difficulty.The theoretical analysis proved the proposed scheme can resist common man-in-the-middle attacks.Experimental comparison results show the scheme has better performance than similar schemes.

Published
2021
Full Text
View/download PDF

23. A survey on DNS attack detection and security protection.

Author

ZHANG Jianwu, AN Yanjun, and DENG Huangyan

Abstract

With the gradual evolution of the traditional Internet to "Internet+", the domain name system (DNS) had been continuously expanding from basic address resolution to new models such as comprehensive perception and reliable transmission. Due to the diverse functions and the extensive coverage of DNS in the new scenario, it will cause serious consequences once attacked. Therefore, the research on DNS attack detection and security protection continues and attracts more and more attention. Firstly, several common DNS attacks were introduced, including DNS spoofing, DNS covert channel, DNS distributed denial of service (DDoS) attack, DNS reflection amplification attacks, and malicious DGA domain names. Subsequently, these DNS attack detection technologies were systematically analyzed and summarized from the machine learning perspective. Then, the DNS security protection technologies were sorted out in decentralization, authenticated encryption and limited resolution. Finally, some future research directions were proposed. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

24. Deep malware hunter based unrivaled malware detection schema thru cache retrospective empiricism.

Author

Shelar, Manoj D. and Srinivasa Rao, S.

Subjects
DEEP learning, HARD disks, MALWARE, INTERNET domain naming system, EMPIRICISM, INTERNET security
Abstract

Malware development has been tremendous in recent decades, posing a severe threat to modern systems and Internet security. Conventional approaches to malware detection focus solely on data stored on hard disc drives. To prevent detection, the attackers put harmful material in volatile memory and attack sensitive confidential data. Furthermore, static signature‐based malware detection approaches require a recognized malware signature database to detect the malware. These efforts, however, failed because the malware rapidly modified its signature and easily evaded detection by packaging, obfuscating, or encrypting. As a consequence, it is vital to extract appropriate memory characteristics and let the deep learning classifier that learns the features improve malware detection accuracy. Therefore, in this paper, we propose a Deep Malware Hunter Based Unrivaled Malware Detection Scheme that skillfully detects known and unknown malware without harming the device. In this way, our Unrivaled Malware Detection Scheme efficiently extracts the necessary features through sharp inspection and classifies the malware correctly and benignly at an early stage before it attacks the device. Thus the proposed framework efficiently provides an accuracy of 99% detection rate in the malware hunter method. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

25. Deep Learning Based DNS Tunneling Detection and Blocking System

Author

ALTUNCU, M. A., GULAGIZ, F. K., OZCAN, H., BAYIR, O. F., GEZGIN, A., NIYAZOV, A., CAVUSLU, M. A., and SAHIN, S.

Subjects
artificial neural networks, computer networks, domain name system, intrusion detection, machine learning, Electrical engineering. Electronics. Nuclear engineering, TK1-9971, Computer engineering. Computer hardware, TK7885-7895
Abstract

The main purpose of DNS is to convert domain names into IPs. Due to the inadequate precautions taken for the security of DNS, it is used for malicious communication or data leakage. Within the scope of this study, a real-time deep network-based system is proposed on live networks to prevent the common DNS tunneling threats over DNS. The decision-making capability of the proposed system at the instant of threat on a live system is the particular feature of the study. Networks trained with various deep network topologies by using the data from Alexa top 1 million sites were tested on a live network. The system was integrated to the network during the tests to prevent threats in real-time. The result of the tests reveal that the threats were blocked with success rate of 99.91%. Obtained results confirm that we can block almost all tunnel attacks over DNS protocol. In addition, the average time to block each tunneled package was calculated to be 0.923 ms. This time clearly demonstrates that the network flow will not be affected, and no delay will be experienced in the operation of our system in real-time.

Published
2021
Full Text
View/download PDF

26. : Measuring Centralization of DNS Infrastructure in the Wild

Author

Zembruzki, Luciano, Jacobs, Arthur Selle, Landtreter, Gustavo Spier, Granville, Lisandro Zambenedetti, Moura, Giovane C. M., Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Barolli, Leonard, editor, Amato, Flora, editor, Moscato, Francesco, editor, Enokido, Tomoya, editor, and Takizawa, Makoto, editor

Published
2020
Full Text
View/download PDF

27. DNS Proxy Caching Method for False Invoice Detection

Author

Zhu, Qiurong, Cao, Zhichen, Hou, Haibo, Yang, Jiangbing, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Xhafa, Fatos, editor, Patnaik, Srikanta, editor, and Tavana, Madjid, editor

Published
2020
Full Text
View/download PDF

28. Detection of Algorithmically Generated Domain Names in Botnets

Author

Vishvakarma, Deepak Kumar, Bhatia, Ashutosh, Riha, Zdenek, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Barolli, Leonard, editor, Takizawa, Makoto, editor, Xhafa, Fatos, editor, and Enokido, Tomoya, editor

Published
2020
Full Text
View/download PDF

29. DNS-embedded service endpoint registry for distributed e-Infrastructures.

Author

Salnikov, Andrii and Kónya, Balázs

Subjects
*INTERNET domain naming system, *SYSTEMS design, *GRID computing, *COMPUTER software development, *INFORMATION resources
Abstract

Distributed e-Infrastructure is a key component of modern BIG Science. Service discovery in e-Science environments, such as Worldwide LHC Computing Grid (WLCG), is a crucial functionality that relies on service registry. In this paper we re-formulate the requirements for the service endpoint registry based on our more than 10 years experience with many systems designed or used within the WLCG e-Infrastructure. To satisfy those requirements the paper proposes a novel idea to use the existing well-established Domain Name System (DNS) infrastructure together with a suitable data model as a service endpoint registry. The presented ARC Hierarchical Endpoints Registry (ARCHERY) system consists of a minimalistic data model representing services and their endpoints within e-Infrastructures, a rendering of the data model embedded into DNS-records, a lightweight software layer for DNS-record management and client-side data discovery. Our approach for the ARCHERY registry required minimal software development and inherits all the benefits of one of the most reliable distributed information discovery source of the internet, the DNS infrastructure. In particular, deployment, management and operation of ARCHERY is fully relying on DNS. Results of ARCHERY deployment use-cases are provided together with performance analysis. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

30. On Cross-Layer Interactions of QUIC, Encrypted DNS and HTTP/3 : Design, Evaluation and Dataset

Author

Sengupta, Jayasree, Kosek, Mike, Fries, Justus, Fischer-Hübner, Simone, Bajpai, Vaibhav, Sengupta, Jayasree, Kosek, Mike, Fries, Justus, Fischer-Hübner, Simone, and Bajpai, Vaibhav

Abstract

Every Web session involves a DNS resolution. While, in the last decade, we witnessed a promising trend towards an encrypted Web in general, DNS encryption has only recently gained traction with the standardisation of DNS over TLS (DoT) and DNS over HTTPS (DoH). Meanwhile, the rapid rise of QUIC deployment has now opened up an exciting opportunity to utilise the same protocol to not only encrypt Web communications, but also DNS. In this paper, we evaluate this benefit of using QUIC to coalesce name resolution via DNS over QUIC (DoQ), and Web content delivery via HTTP/3 (H3) with 0-RTT. We compare this scenario using several possible combinations where H3 is used in conjunction with DoH and DoQ, as well as the unencrypted DNS over UDP (DoUDP). We observe, that when using H3 1-RTT, page load times with DoH can get inflated by >30% over fixed-line and by >50% over mobile when compared to unencrypted DNS with DoUDP. However, this cost of encryption can be drastically reduced when encrypted connections are coalesced (DoQ + H3 0-RTT), thereby reducing the page load times by 1/3 over fixed-line and 1/2 over mobile, overall making connection coalescing with QUIC the best option for encrypted communication on the Internet.

Published
2024
Full Text
View/download PDF

31. DNSWeight: Quantifying Country-Wise Importance of Domain Name System

Author

Deliang Chang, Shanshan Hao, Zhou Li, Baojun Liu, and Xing Li

Subjects
BGP, domain name system, network measurement, network servers, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

DNS (Domain Name System) is one fundamental Internet infrastructure related to most network activities. As a feasible tool to govern the Internet, DNS’s stability and interoperability will be impacted by the countries’ policies or actions along the path. Especially now that many countries have stricter control over the Internet and even sometimes “unplug” it. But there was no study to quantify the countries’ impact systematically. To fill this research gap, we present DNSWeight. This new data-driven approach utilizes a large-scale DNS dataset and BGP (Border Gateway Protocol) routing information to calculate the country-importance score so that a country’s impact on DNS can be gauged. By applying DNSWeight on large-scale DNS and BGP datasets jointly, our study shows the importance among different countries is divided. A handful of countries show dominant significance to the current DNS ecosystem. Some countries with a history of Internet shutdowns are too influential to be ignored if they choose to break themselves from the Internet. We also examine the impact of IPv6 (IP Version 6) and reveal the “loop” phenomenon that occurs in some DNS queries. In conjunction with our findings, some discussion and suggestions are given. In summary, our study shows that DNS reliability needs to be reconsidered at the country’s level.

Published
2021
Full Text
View/download PDF

32. 基于域名系统知识图谱的 CDN 域名识别技术.

Author

闫志豪, 刘京菊, 郭 徽, and 郭兵阳

Subjects
CONTENT delivery networks, KNOWLEDGE graphs, INTERNET domain naming system, ACQUISITION of data
Abstract

Copyright of Journal of Computer Engineering & Applications is the property of Beijing Journal of Computer Engineering & Applications Journal Co Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published
2022
Full Text
View/download PDF

33. Text analysis of DNS queries for data exfiltration protection of computer networks

Author

Ya. V. Bubnov and N. N. Ivanov

Subjects
domain name system, computer network security, data exfiltration, text classification, convolutional neural network, Electronic computers. Computer science, QA75.5-76.95
Abstract

The paper proposes effective method of computer network protection from data exfiltration by the system of domain names. Data exfiltration by Domain Name System (DNS) is an approach to conceal the transfer of confidential data to remote adversary using data encapsulation into the requesting domain name. The DNS requests that transfer stolen information from a host infected by malicious software to an external host controlled by a malefactor are considered. The paper proposes a method of detecting such DNS requests based on text classification of domain names by convolutional neural network. The efficiency of the method is based on assumption that domain names exploited for data exfiltration differ from domain names formed from words of natural language. To classify the requests in convolutional neural network the use of character embedding for representing the string of a domain name is proposed. Quality evaluation of the trained neural network used for recognition of data exfiltration through domain name system using ROC-analysis is performed.The paper presents the software architecture used for deployment of trained neural network into existing infrastructure of the domain name system targeting practical computer networks protection from data exfiltration. The architecture implies creation of response policy zones for blocking of individual requests, classified as malicious.

Published
2020
Full Text
View/download PDF

34. Fast-flucos:malicious domain name detection method for Fast-flux based on DNS traffic

Author

Chunyu HAN, Yongzheng ZHANG, and Yu ZHANG

Subjects
Fast-flux, domain name system, domain name detection, machine learning, deep learning, Telecommunication, TK5101-6720
Abstract

There are three weaknesses in previous Fast-flux domain name detection method on the aspects of stability,targeting,and applicability to common real-world DNS traffic environment.For this,a method based on DNS traffic,called Fast-flucos was proposed.Firstly,the traffic anomaly filtering and association matching algorithms were used for improving detection stability.Secondly,the features,quantified geographical width,country list,and time list,were applied for better targeting Fast-flux domains.Lastly,the feature extraction were finished by the more suitable samples for trying to adapt to common real-world DNS traffic.Several machine learning algorithms including deep learning are tried for determining the best classifier and feature combination.The experimental result based on real-world DNS traffic shows that Fast-flucos’ recall rate is 0.998 6,precision is 0.976 7,and ROC_AUC is 0.992 9,which are all better than the current main stream approaches,such as EXPOSURE,GRADE and AAGD.

Published
2020
Full Text
View/download PDF

35. Assessing Usefulness of Blacklists Without the Ground Truth

Author

Kidmose, Egon, Gausel, Kristian, Brandbyge, Søren, Pedersen, Jens Myrup, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Choraś, Michał, editor, and Choraś, Ryszard S., editor

Published
2019
Full Text
View/download PDF

36. Reducing User Perceived Latency in Smart Phones Exploiting IP Network Diversity

Author

Jamsheed Manja Ppallan, Sweta Jaiswal, Karthikeyan Arunachalam, Pasquale Imputato, Stefano Avallone, Siva Sabareesh Dronamraju, and Madhan Raj Kanagarathinam

Subjects
Domain name system, TCP/IP, wireless communication, mobile networks, connectivity, page loading time, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

The Fifth Generation (5G) wireless networks set its standard to provide very high data rates, Ultra-Reliable Low Latency Communications (URLLC), and significantly improved Quality of Service (QoS). 5G networks and beyond will power up billions of connected devices as it expands wireless services to edge computing and the Internet of Things (IoT). The Internet protocol suite continues its evolution from IPv4 addresses to IPv6 addresses by increasing the adoption rate and prioritizing IPv6. Hence, Internet Service Providers (ISP's) are using the address transition method called dual-stack to prioritize the IPv6 while supporting the existing IPv4. But this causes more connectivity overhead in dual-stack as compared to the single-stack network due to its preference schema towards the IPv6. The dual-stack network increases the Domain Name System (DNS) resolution and Transmission Control Protocol (TCP) connection time that results in higher page loading time, thereby significantly impacting the user experience. Hence, we propose a novel connectivity mechanism, called NexGen Connectivity Optimizer (NexGenCO), which redesigns the DNS resolution and TCP connection phases to reduce the user-perceived latency in the dual-stack network for mobile devices. Our solution utilizes the IP network diversity to improve connectivity through concurrency and intelligent caching. NexGenCO is successfully implemented in Samsung flagship devices with Android Pie and further evaluated using both simulated and live-air networks. It significantly reduces connectivity overhead and improves page loading time up to 18%.

Published
2020
Full Text
View/download PDF

37. A Superficial Analysis Approach for Identifying Malicious Domain Names Generated by DGA Malware

Author

Akihiro Satoh, Yutaka Fukuda, Toyohiro Hayashi, and Gen Kitagata

Subjects
Domain generation algorithm, domain name system, malware, network security, Telecommunication, TK5101-6720, Transportation and communications, HE1-9990
Abstract

Some of the most serious security threats facing computer networks involve malware. To prevent malware-related damage, administrators must swiftly identify and remove the infected machines that may reside in their networks. However, many malware families have domain generation algorithms (DGAs) to avoid detection. A DGA is a technique in which the domain name is changed frequently to hide the callback communication from the infected machine to the command-and-control server. In this article, we propose an approach for estimating the randomness of domain names by superficially analyzing their character strings. This approach is based on the following observations: human-generated benign domain names tend to reflect the intent of their domain registrants, such as an organization, product, or content. In contrast, dynamically generated malicious domain names consist of meaningless character strings because conflicts with already registered domain names must be avoided; hence, there are discernible differences in the strings of dynamically generated and human-generated domain names. Notably, our approach does not require any prior knowledge about DGAs. Our evaluation indicates that the proposed approach is capable of achieving recall and precision as high as 0.9960 and 0.9029, respectively, when used with labeled datasets. Additionally, this approach has proven to be highly effective for datasets collected via a campus network. Thus, these results suggest that malware-infected machines can be swiftly identified and removed from networks using DNS queries for detected malicious domains as triggers.

Published
2020
Full Text
View/download PDF

38. Identification of DNS covert channel based on improved convolutional neural network

Author

Meng ZHANG, Haoliang SUN, and Peng YANG

Subjects
covert channel, domain name system, convolutional neural network, Telecommunication, TK5101-6720
Abstract

In order to effectively identify the multiple types of DNS covert channels,the implementation of different sorts of DNS covert channel software was studied,and a detection based on the improved convolutional neural network was proposed.The experimental results,grounded upon the campus network traffic,show that the detection can identify twenty-two kinds of data interaction modes of DNS covert channels and is able to identify the unknown DNS covert channel traffic.The proposed method outperforms the existing methods.

Published
2020
Full Text
View/download PDF

39. Domain Name System Without Root Servers

Author

Wander, Matthäus, Boelmann, Christopher, Weis, Torben, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Cuppens, Nora, editor, Cuppens, Frédéric, editor, Lanet, Jean-Louis, editor, Legay, Axel, editor, and Garcia-Alfaro, Joaquin, editor

Published
2018
Full Text
View/download PDF

40. Network detection of malicious domain name based on adversary model.

Author

Li, Xingguo and Wang, Junfeng

Abstract

With the rapid development of the Internet, threats from the network security are emerging one after another. Driven by economic interests, attackers use malicious domain names to promote the development of botnets and phishing sites, which leads to serious information leakage of victims and devices, the proliferation of DDoS attacks and the rapid spread of viruses. Based on the above background, the purpose of this paper is to study the network detection of malicious domain name based on the adversary model. Firstly, this paper studies the generation mechanism of DGA domain name based on PCFG model, and studies the characteristics of the domain name generated by such DGA. The research shows that the domain name generated by PCFG model is usually based on the legal domain name, so the character statistical characteristics of the domain name are similar to the legal domain name. Moreover, the same PCFG model can often generate multiple types of domain names, so it is difficult to extract appropriate features manually. The experimental results show that the accuracy, recall and accuracy of the performance parameters of the classifier are over 95%. By using the open domain name data set, comparing the linear calculation edit distance method and the detection effect under different thresholds, it is proved that the proposed method can improve the detection speed of misplanted domain names under the condition of similar accuracy. [ABSTRACT FROM AUTHOR]

Published
2021
Full Text
View/download PDF

41. Detecting Anomalies at a TLD Name Server Based on DNS Traffic Predictions.

Author

Madariaga, Diego, Madariaga, Javier, Panza, Martin, Bustos-Jimenez, Javier, and Bustos, Benjamin

Abstract

The Domain Name System (DNS) is a critical component of Internet infrastructure, as almost every activity on the Internet starts with a DNS query. Given its importance, there is increasing concern over its vulnerability to attacks and failures, as they can negatively affect all Internet-based resources. Thus, detecting these events is crucial to preserve the correct functioning of all DNS components, such as high-volume name servers for top-level domains (TLD). This article presents a near real-time Anomaly Detection Based on Prediction (AD-BoP) method, providing a useful and easily explainable methodology to effectively detect DNS anomalies. AD-BoP is based on the prediction of expected DNS traffic statistics, and could be especially helpful for TLD registry operators to preserve their services’ reliability. After an exhaustive analysis, AD-BoP is shown to improve the current state-of-the-art for anomaly detection in authoritative TLD name servers. [ABSTRACT FROM AUTHOR]

Published
2021
Full Text
View/download PDF

42. DNS-ADVP: A Machine Learning Anomaly Detection and Visual Platform to Protect Top-Level Domain Name Servers Against DDoS Attacks

Author

Luis A. Trejo, Victor Ferman, Miguel Angel Medina-Perez, Fernando Miguel Arredondo Giacinti, Raul Monroy, and Jose E. Ramirez-Marquez

Subjects
Amplification attack, anomaly detection, Domain Name System, DNS DDoS attacks, one-class classification, visualisation model, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

DNS DDoS attacks may severely affect the operation of computer networks, prompting the need for methods able to timely detect them, and then to apply mitigation countermeasures. Visual models have been used to detect an ongoing DDoS attack, but often demand continuous attention from IT staff. However, machine learning techniques could complement a visual model with further information and with on-time alerts that could help IT officers give attention only when an attack is in progress at its very early stage. In this paper, we present DNS-ADVP, a DNS Anomaly Detection Visual Platform, which, in an integrated manner, provides a novel visualisation that depicts on-line DNS traffic, and a one-class classifier that deals with traffic anomaly detection. Using the visual mode, an IT officer may interpret the current state of traffic for an authoritative DNS server; the model comes with visual semaphores, controlled by the one-class classifier. Due to the highly dynamic nature of DNS traffic, our classification method continuously updates what counts as normal behaviour; it has been successfully tested on synthetic attacks, with an 83% of the area under the curve (AUC). DNS-ADVP is currently in use to real-time monitoring an actual authoritative DNS server.

Published
2019
Full Text
View/download PDF

43. Improved Resource Directory Based on DNS Name Self-Registration for Device Transparent Access in Heterogeneous IoT Networks

Author

Wenquan Jin and Dohyeun Kim

Subjects
Internet of Things, resource directory, transparent access, interworking proxy, domain name system, open connectivity foundation, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

With the rapid development of Internet of Things (IoT) technologies in various domains including smart homes, smart cities, smart factories and smart buildings where Internet-connected devices are deployed to provide IoT services based on heterogeneous frameworks and platforms. Many standard protocols, frameworks, libraries and specifications have been proposed for developing IoT applications. Therefore, providing a consistent scheme is important for supporting the interoperability in heterogeneous IoT devices to interact in the same domain and cross-domain. Moreover, supporting the device transparent access for clients to consume IoT service from the different environment that can provide user-friendly service scenarios although the user consumes services in different IoT networks. In this paper, we propose an improved Resource Directory (RD) based on a Domain Name System (DNS) Name Self-Registration (DNSNSR) for the device transparent access in heterogeneous IoT networks. For supporting proposed DNSNSR, an IoT RD is presented based on the Open Connectivity Foundation (OCF) standard specification to provide device registration and discovery service. Through the registration interface, the IoT RD configures the DNS names using Bind 9 to provide the DNS service in an IoT network based on the published device information. Using the discovery interface of RD and name resolution of DNS, the IoT Client gets devices information including (Identifier) ID and Internet Protocol (IP) to access IoT Devices without considering underlying protocols through the interworking proxy of proposed RD in heterogeneous IoT networks. Therefore, the proposed RD based on DNSNSR enables the IoT devices to be discovered by IoT clients in the various environment through the RD and DNS functions. Furthermore, using the OCF-direct and proxy-based access mechanism, the proposed RD based on DNSNSR supports IoT devices to be accessed by clients in various IoT environment.

Published
2019
Full Text
View/download PDF

44. A Cause-Based Classification Approach for Malicious DNS Queries Detected Through Blacklists

Author

Akihiro Satoh, Yutaka Nakamura, Yutaka Fukuda, Kazuto Sasai, and Gen Kitagata

Subjects
Malware, blacklist, domain name system, network security, machine learning, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Some of the most serious security threats facing computer networks involve malware. To prevent this threat, administrators need to swiftly remove the infected machines from their networks. One common way to detect infected machines in a network is by monitoring communications based on blacklists. However, detection using this method has the following two problems: no blacklist is completely reliable, and blacklists do not provide sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. Therefore, simply matching communications with blacklist entries is insufficient, and administrators should pursue their detection causes by investigating the communications themselves. In this paper, we propose an approach for classifying malicious DNS queries detected through blacklists by their causes. This approach is motivated by the following observation: a malware communication is divided into several transactions, each of which generates queries related to the malware; thus, surrounding queries that occur before and after a malicious query detected through blacklists help in estimating the cause of the malicious query. Our cause-based classification drastically reduces the number of malicious queries to be investigated because the investigation scope is limited to only representative queries in the classification results. In experiments, we have confirmed that our approach could group 388 malicious queries into 3 clusters, each consisting of queries with a common cause. These results indicate that administrators can briefly pursue all the causes by investigating only representative queries of each cluster, and thereby swiftly address the problem of infected machines in the network.

Published
2019
Full Text
View/download PDF

45. DNS root domain name analysis system based on block chain

Author

Tianshu ZHUANG, Wenfeng LIU, and Dong LI

Subjects
domain name system, blockchain, decentralization, Telecommunication, TK5101-6720, Technology
Abstract

The centralized resolution system of the domain name system (DNS) implies an unavoidable risk of abuse of power,a top-level domain may be deleted from the root zone.By analyzing the related work on the root zone decentralization,the most were mainly to deploy new root resolution services outside the current root servers,but not to decentralize the root zone data.A scheme to decentralize the root zone data was proposed,and the decentralization of root zone data distribution and analysis were achieved through a peer-to-peer coalition between national roots.Trust from peer-to-peer to collective,with features such as autonomy,openness,equality,and transparency,and implements a distributed consensus on root zone data through blockchain technology were transformed by the program,thereby ensuring root zone data consistency.

Published
2018
Full Text
View/download PDF

46. Optimization and application of the carrier DNS data analysis technology

Author

Wei PENG, Xiaodong HE, Xiaoming LU, and Chuanxin JI

Subjects
domain name system, Hadoop, data analysis, Telecommunication, TK5101-6720, Technology
Abstract

The principles of DNS data analysis and the limitations of traditional DNS data analysis method were analyzed.According to the trend of the development of the IP network,an analysis technology based on the Hadoop towards huge amounts of DNS data was proposed.Also the architecture,implementation scheme and advantages of the technology scheme were described,then the effect of Hadoop DNS data analysis which applied in the telecom network was expounded.The research results can provide scientific reference for the development and optimization of the telecom network.

Published
2018
Full Text
View/download PDF

47. Advanced Flow Models for Computing the Reputation of Internet Domains

Author

Othman, Hussien, Gudes, Ehud, Gal-Oz, Nurit, Rannenberg, Kai, Editor-in-chief, Sakarovitch, Jacques, Series editor, Goedicke, Michael, Series editor, Tatnall, Arthur, Series editor, Neuhold, Erich J., Series editor, Pras, Aiko, Series editor, Tröltzsch, Fredi, Series editor, Pries-Heje, Jan, Series editor, Whitehouse, Diane, Series editor, Reis, Ricardo, Series editor, Furnell, Steven, Series editor, Furbach, Ulrich, Series editor, Winckler, Marco, Series editor, Rauterberg, Matthias, Series editor, Steghöfer, Jan-Philipp, editor, and Esfandiari, Babak, editor

Published
2017
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results