{"title":"保护顶级域的DNS基础设施:带有网络传感器的动态防火墙","authors":"João Afonso, P. Veiga","doi":"10.1109/ICSNC.2008.68","DOIUrl":null,"url":null,"abstract":"The security problems that plague network services today are increasing at a dramatic pace especially with the constant improvement of network transmission rates and the sheer amount of data exchanged. This translates to not only more attacks but also new types of attacks with network incidents becoming more and more frequent. A substantial part of the attacks occur at Top Level Domains (TLD) who have the mission of guaranteeing the correct functioning of Domain Name System (DNS) zones. This paper presents a proposal to simplify the detection of attacks, and reduce the number of false reports (negative and positive). Our goal is to create a group of techniques for real time monitoring of network traffic, based on network sensors that allow, in real time, to detect abnormal network behaviour and produce meaningful data that can be used to trigger alarms and anticipate future problems, adding and removing rules at DNS firewalls. This sensors, are working together with the primary DNS servers of the .PT domain, currently monitor all traffic that crosses this service. The data correlation between the sensor and other sources (such as IDS, other sensors or agents), between two different dates, can then be used for statistical purposes and to prevent future possible attacks.","PeriodicalId":105399,"journal":{"name":"2008 Third International Conference on Systems and Networks Communications","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Protecting the DNS Infrastructure of a Top Level Domain: Dynamic Firewalling with Network Sensors\",\"authors\":\"João Afonso, P. Veiga\",\"doi\":\"10.1109/ICSNC.2008.68\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The security problems that plague network services today are increasing at a dramatic pace especially with the constant improvement of network transmission rates and the sheer amount of data exchanged. This translates to not only more attacks but also new types of attacks with network incidents becoming more and more frequent. A substantial part of the attacks occur at Top Level Domains (TLD) who have the mission of guaranteeing the correct functioning of Domain Name System (DNS) zones. This paper presents a proposal to simplify the detection of attacks, and reduce the number of false reports (negative and positive). Our goal is to create a group of techniques for real time monitoring of network traffic, based on network sensors that allow, in real time, to detect abnormal network behaviour and produce meaningful data that can be used to trigger alarms and anticipate future problems, adding and removing rules at DNS firewalls. This sensors, are working together with the primary DNS servers of the .PT domain, currently monitor all traffic that crosses this service. The data correlation between the sensor and other sources (such as IDS, other sensors or agents), between two different dates, can then be used for statistical purposes and to prevent future possible attacks.\",\"PeriodicalId\":105399,\"journal\":{\"name\":\"2008 Third International Conference on Systems and Networks Communications\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-10-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 Third International Conference on Systems and Networks Communications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSNC.2008.68\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Third International Conference on Systems and Networks Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSNC.2008.68","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Protecting the DNS Infrastructure of a Top Level Domain: Dynamic Firewalling with Network Sensors
The security problems that plague network services today are increasing at a dramatic pace especially with the constant improvement of network transmission rates and the sheer amount of data exchanged. This translates to not only more attacks but also new types of attacks with network incidents becoming more and more frequent. A substantial part of the attacks occur at Top Level Domains (TLD) who have the mission of guaranteeing the correct functioning of Domain Name System (DNS) zones. This paper presents a proposal to simplify the detection of attacks, and reduce the number of false reports (negative and positive). Our goal is to create a group of techniques for real time monitoring of network traffic, based on network sensors that allow, in real time, to detect abnormal network behaviour and produce meaningful data that can be used to trigger alarms and anticipate future problems, adding and removing rules at DNS firewalls. This sensors, are working together with the primary DNS servers of the .PT domain, currently monitor all traffic that crosses this service. The data correlation between the sensor and other sources (such as IDS, other sensors or agents), between two different dates, can then be used for statistical purposes and to prevent future possible attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
