DOI: 10.1145/2382196.2382325
tutorial

Large-scale DNS data analysis

Published: 16 October 2012

Abstract

DNS data is increasingly used in security analysis, intrusion detection, and research. Even small DNS collection systems can generate enormous amounts of DNS traffic, requiring tera-scale storage. As a result, researchers looking at DNS traffic must often develop real-time, in-line analysis tools.

Cited By

  • (2015) Visualizing and characterizing DNS lookup behaviors via log-mining. Neurocomputing, 169 (100-109). DOI: 10.1016/j.neucom.2014.09.099. Online publication date: Dec-2015

    Published In

    CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security
    October 2012
    1088 pages
    ISBN:9781450316514
    DOI:10.1145/2382196

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. dns security
    2. large-scale data analysis

    Qualifiers

    • Tutorial

    Conference

    CCS'12
    CCS'12: the ACM Conference on Computer and Communications Security
    October 16 - 18, 2012
    North Carolina, Raleigh, USA

    Acceptance Rates

    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
