Investigating DNS traffic anomalies for malicious activities

Fyodor Yarochkin; Vladimir Kropotov; Yennun Huang; Guo Kai Ni; Sy Yen Kuo; Ing Yi Chen

doi:10.1109/DSNW.2013.6615506

Investigating DNS traffic anomalies for malicious activities

Fyodor Yarochkin, Vladimir Kropotov, Yennun Huang, Guo Kai Ni, Sy Yen Kuo, Ing Yi Chen

研究成果: 圖書/報告稿件的類型 › 會議稿件 › 同行評審

4 引文斯高帕斯（Scopus）

摘要

The Domain Name System (DNS) is one of the critical components of modern Internet networking. Proper Internet functions (such as mail delivery, web browsing and so on) are typically not possible without the use of DNS. However with the growth and commercialization of global networking, this protocol is often abused for malicious purposes which negatively impacts the security of Internet users. In this paper we perform security data analysis of DNS traffic at large scale for a prolonged period of time. In order to do this, we developed DNSPacketlizer, a DNS traffic analysis tool and deployed it at a mid-scale Internet Service Provider (ISP) for a period of six months. The findings presented in this paper demonstrate persistent abuse of the protocol by Botnet herders and antivirus software vendors for covert communication. Other suspicious or potentially malicious activities in DNS traffic are also discussed.

原文	英語
主出版物標題	2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop, DSN-W 2013
DOIs	https://doi.org/10.1109/DSNW.2013.6615506
出版狀態	已出版 - 2013
對外發佈	是
事件	2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop, DSN-W 2013 - Budapest, 匈牙利持續時間: 24 06 2013 → 27 06 2013

出版系列

名字	Proceedings of the International Conference on Dependable Systems and Networks

Conference

Conference	2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop, DSN-W 2013
國家/地區	匈牙利
城市	Budapest
期間	24/06/13 → 27/06/13

存取文件

10.1109/DSNW.2013.6615506

其它文件與鏈接

Link to publication in Scopus

引用此

Yarochkin, F., Kropotov, V., Huang, Y., Ni, G. K., Kuo, S. Y., & Chen, I. Y. (2013). Investigating DNS traffic anomalies for malicious activities. 於 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop, DSN-W 2013 文章 6615506 (Proceedings of the International Conference on Dependable Systems and Networks). https://doi.org/10.1109/DSNW.2013.6615506

@inproceedings{d55bb4ac84ba44a983c2044db2d127bf,

title = "Investigating DNS traffic anomalies for malicious activities",

abstract = "The Domain Name System (DNS) is one of the critical components of modern Internet networking. Proper Internet functions (such as mail delivery, web browsing and so on) are typically not possible without the use of DNS. However with the growth and commercialization of global networking, this protocol is often abused for malicious purposes which negatively impacts the security of Internet users. In this paper we perform security data analysis of DNS traffic at large scale for a prolonged period of time. In order to do this, we developed DNSPacketlizer, a DNS traffic analysis tool and deployed it at a mid-scale Internet Service Provider (ISP) for a period of six months. The findings presented in this paper demonstrate persistent abuse of the protocol by Botnet herders and antivirus software vendors for covert communication. Other suspicious or potentially malicious activities in DNS traffic are also discussed.",

author = "Fyodor Yarochkin and Vladimir Kropotov and Yennun Huang and Ni, {Guo Kai} and Kuo, {Sy Yen} and Chen, {Ing Yi}",

year = "2013",

doi = "10.1109/DSNW.2013.6615506",

language = "英语",

isbn = "9781479901814",

series = "Proceedings of the International Conference on Dependable Systems and Networks",

booktitle = "2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop, DSN-W 2013",

note = "2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop, DSN-W 2013 ; Conference date: 24-06-2013 Through 27-06-2013",

}

Yarochkin, F, Kropotov, V, Huang, Y, Ni, GK, Kuo, SY & Chen, IY 2013, Investigating DNS traffic anomalies for malicious activities. 於 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop, DSN-W 2013., 6615506, Proceedings of the International Conference on Dependable Systems and Networks, 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop, DSN-W 2013, Budapest, 匈牙利, 24/06/13. https://doi.org/10.1109/DSNW.2013.6615506

Investigating DNS traffic anomalies for malicious activities. / Yarochkin, Fyodor; Kropotov, Vladimir; Huang, Yennun 等.
2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop, DSN-W 2013. 2013. 6615506 (Proceedings of the International Conference on Dependable Systems and Networks).

研究成果: 圖書/報告稿件的類型 › 會議稿件 › 同行評審

TY - GEN

T1 - Investigating DNS traffic anomalies for malicious activities

AU - Yarochkin, Fyodor

AU - Kropotov, Vladimir

AU - Huang, Yennun

AU - Ni, Guo Kai

AU - Kuo, Sy Yen

AU - Chen, Ing Yi

PY - 2013

Y1 - 2013

N2 - The Domain Name System (DNS) is one of the critical components of modern Internet networking. Proper Internet functions (such as mail delivery, web browsing and so on) are typically not possible without the use of DNS. However with the growth and commercialization of global networking, this protocol is often abused for malicious purposes which negatively impacts the security of Internet users. In this paper we perform security data analysis of DNS traffic at large scale for a prolonged period of time. In order to do this, we developed DNSPacketlizer, a DNS traffic analysis tool and deployed it at a mid-scale Internet Service Provider (ISP) for a period of six months. The findings presented in this paper demonstrate persistent abuse of the protocol by Botnet herders and antivirus software vendors for covert communication. Other suspicious or potentially malicious activities in DNS traffic are also discussed.

AB - The Domain Name System (DNS) is one of the critical components of modern Internet networking. Proper Internet functions (such as mail delivery, web browsing and so on) are typically not possible without the use of DNS. However with the growth and commercialization of global networking, this protocol is often abused for malicious purposes which negatively impacts the security of Internet users. In this paper we perform security data analysis of DNS traffic at large scale for a prolonged period of time. In order to do this, we developed DNSPacketlizer, a DNS traffic analysis tool and deployed it at a mid-scale Internet Service Provider (ISP) for a period of six months. The findings presented in this paper demonstrate persistent abuse of the protocol by Botnet herders and antivirus software vendors for covert communication. Other suspicious or potentially malicious activities in DNS traffic are also discussed.

UR - http://www.scopus.com/inward/record.url?scp=84885975047&partnerID=8YFLogxK

U2 - 10.1109/DSNW.2013.6615506

DO - 10.1109/DSNW.2013.6615506

M3 - 会议稿件

AN - SCOPUS:84885975047

SN - 9781479901814

T3 - Proceedings of the International Conference on Dependable Systems and Networks

BT - 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop, DSN-W 2013

T2 - 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop, DSN-W 2013

Y2 - 24 June 2013 through 27 June 2013

ER -

Investigating DNS traffic anomalies for malicious activities

摘要

出版系列

Conference

存取文件

其它文件與鏈接

指紋

引用此