基于多协议交叉验证的DNS劫持自反馈检测系统

2019 26th International Conference on Telecommunications (ICT) Pub Date : 2019-04-08 DOI:10.1109/ICT.2019.8798832

Caiyun Huang, Peng Zhang, Yong Sun, Yujia Zhu, Yang Liu

{"title":"基于多协议交叉验证的DNS劫持自反馈检测系统","authors":"Caiyun Huang, Peng Zhang, Yong Sun, Yujia Zhu, Yang Liu","doi":"10.1109/ICT.2019.8798832","DOIUrl":null,"url":null,"abstract":"With the rapid growth of the Internet, concerns about the security of Domain Name System (DNS) have become prominent. DNS Hijacking is a typical threat which manipulates DNS resource records (RRs) to make users obtain wrong website server IPs through Cache Poisoning or Man-in-the-middle attack. In this paper, we propose a Self-Feedback Detection System (SFDS) deployed at Local Area Network (LAN) Gateway to protect users from visiting the wrong websites. SFDS: (i)finds the incorrect (Domain, IP) tuples in real-time to provide a correct (Domain, IP) tuple list for users, (ii)utilizes a multi-protocol cross validation method to verify suspicious (Domain, IP) tuples, (iii) applies self-feedback mechanism to calculate the correctness probabilities of (Domain, IP) tuples iteratively. We show that in real circumstance for two weeks, SFDS can find almost 1300 correct (Domain, IP) tuples for one domain on average in one day. And SFDS is effective with accuracy approximately 100% by our experiments.","PeriodicalId":127412,"journal":{"name":"2019 26th International Conference on Telecommunications (ICT)","volume":"84 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"SFDS: A Self-Feedback Detection System for DNS Hijacking Based on Multi-Protocol Cross Validation\",\"authors\":\"Caiyun Huang, Peng Zhang, Yong Sun, Yujia Zhu, Yang Liu\",\"doi\":\"10.1109/ICT.2019.8798832\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the rapid growth of the Internet, concerns about the security of Domain Name System (DNS) have become prominent. DNS Hijacking is a typical threat which manipulates DNS resource records (RRs) to make users obtain wrong website server IPs through Cache Poisoning or Man-in-the-middle attack. In this paper, we propose a Self-Feedback Detection System (SFDS) deployed at Local Area Network (LAN) Gateway to protect users from visiting the wrong websites. SFDS: (i)finds the incorrect (Domain, IP) tuples in real-time to provide a correct (Domain, IP) tuple list for users, (ii)utilizes a multi-protocol cross validation method to verify suspicious (Domain, IP) tuples, (iii) applies self-feedback mechanism to calculate the correctness probabilities of (Domain, IP) tuples iteratively. We show that in real circumstance for two weeks, SFDS can find almost 1300 correct (Domain, IP) tuples for one domain on average in one day. And SFDS is effective with accuracy approximately 100% by our experiments.\",\"PeriodicalId\":127412,\"journal\":{\"name\":\"2019 26th International Conference on Telecommunications (ICT)\",\"volume\":\"84 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-04-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 26th International Conference on Telecommunications (ICT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICT.2019.8798832\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 26th International Conference on Telecommunications (ICT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICT.2019.8798832","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

随着互联网的快速发展，人们对域名系统(DNS)安全性的担忧日益突出。DNS劫持是一种典型的威胁，通过缓存投毒或中间人攻击，操纵DNS资源记录，使用户获取错误的网站服务器ip。本文提出了一种部署在局域网(LAN)网关的自反馈检测系统(SFDS)，以防止用户访问错误的网站。SFDS:(i)实时发现不正确的(Domain, IP)元组，为用户提供正确的(Domain, IP)元组列表;(ii)采用多协议交叉验证方法对可疑的(Domain, IP)元组进行验证;(iii)采用自反馈机制迭代计算(Domain, IP)元组的正确概率。我们表明，在两周的实际环境中，SFDS平均在一天内可以为一个域找到近1300个正确的(Domain, IP)元组。实验结果表明，SFDS的准确率接近100%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

SFDS: A Self-Feedback Detection System for DNS Hijacking Based on Multi-Protocol Cross Validation

With the rapid growth of the Internet, concerns about the security of Domain Name System (DNS) have become prominent. DNS Hijacking is a typical threat which manipulates DNS resource records (RRs) to make users obtain wrong website server IPs through Cache Poisoning or Man-in-the-middle attack. In this paper, we propose a Self-Feedback Detection System (SFDS) deployed at Local Area Network (LAN) Gateway to protect users from visiting the wrong websites. SFDS: (i)finds the incorrect (Domain, IP) tuples in real-time to provide a correct (Domain, IP) tuple list for users, (ii)utilizes a multi-protocol cross validation method to verify suspicious (Domain, IP) tuples, (iii) applies self-feedback mechanism to calculate the correctness probabilities of (Domain, IP) tuples iteratively. We show that in real circumstance for two weeks, SFDS can find almost 1300 correct (Domain, IP) tuples for one domain on average in one day. And SFDS is effective with accuracy approximately 100% by our experiments.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 26th International Conference on Telecommunications (ICT)

自引率

0.00%

发文量