Fedor V. Yarochkin, V. Kropotov, Yennun Huang, Guo-Kai Ni, S. Kuo, Ing-Yi Chen
DOI: 10.1109/DSNW.2013.6615506 (https://doi.org/10.1109/DSNW.2013.6615506)
Published in: 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W), 24 June 2013
Citation count (Semantic Scholar): 5
Investigating DNS traffic anomalies for malicious activities
The Domain Name System (DNS) is one of the critical components of modern Internet networking. Proper Internet functions (such as mail delivery, web browsing and so on) are typically not possible without the use of DNS. However, with the growth and commercialization of global networking, this protocol is often abused for malicious purposes, which negatively impacts the security of Internet users. In this paper we perform security data analysis of DNS traffic at large scale over a prolonged period of time. To do this, we developed DNSPacketlizer, a DNS traffic analysis tool, and deployed it at a mid-scale Internet Service Provider (ISP) for a period of six months. The findings presented in this paper demonstrate persistent abuse of the protocol by botnet herders and antivirus software vendors for covert communication. Other suspicious or potentially malicious activities in DNS traffic are also discussed.