Design and Implementation of NS Record History Database for Detecting DNS-based Botnet Communication

Hikaru Ichise; Yong Jin; Katsuyoshi Iida

首页> 外文期刊>電子情報通信学会技術研究報告. インターネットアーキテクチャ. Internet Architecture >Design and Implementation of NS Record History Database for Detecting DNS-based Botnet Communication

【24h】

Design and Implementation of NS Record History Database for Detecting DNS-based Botnet Communication

机译：NS记录历史数据库的设计与实现，用于检测基于DNS的僵尸网络通信

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

DNS (Domain Name System) based domain name resolution service is one of the most fundamental Internet services for the Internet users and application service providers. In normal DNS based domain name resolution, the corresponding NS records are required in prior to sending DNS query to the corresponding authoritative DNS servers. However, in recent years, DNS based botnet communication has been observed in which botnet related network traffic is transferred via DNS packets. In particular, sending DNS queries to C&C servers using IP address directly without obtaining the corresponding NS records is present in some malware. In this paper, we focus on this type of botnet communication and design a NS record history database for detecting DNS-based botnet communication. We implemented a prototype system and evaluated the feature of NS records history creation as well as the checking function. Based on the evaluation results we confirmed the proposed database worked as we designed and it is expected to detect the target botnet communication.

机译：基于DNS（域名系统）的域名解析服务是Internet用户和应用程序服务提供商最基本的Internet服务之一。在基于正常的DNS域名分辨率中，在向相应的权威DNS服务器发送DNS查询之前，需要相应的NS记录。然而，近年来，已经观察到基于DNS的僵尸网络通信，其中僵尸网络相关网络流量通过DNS分组传输。特别是，在某些恶意软件中，存在使用IP地址向C＆C服务器发送DNS查询，而在某些恶意软件中存在。在本文中，我们专注于这种类型的僵尸网络通信和设计NS记录历史数据库，用于检测基于DNS的僵尸网络通信。我们实现了一个原型系统，并评估了NS记录历史创建的功能以及检查功能。根据评估结果，我们确认了所拟议的数据库，如我们所设计的，预计将检测目标僵尸网络通信。

著录项

来源
《電子情報通信学会技術研究報告. インターネットアーキテクチャ. Internet Architecture》 |2017年第299期|共5页
作者
Hikaru Ichise; Yong Jin; Katsuyoshi Iida;
展开▼
作者单位

Technical Department Tokyo Institute of Technology;

Global Scientific Information and Computing Center Tokyo Institute of Technology;

Information Initiative Center Hokkaido University;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类 TN-53;
关键词
Botnet communication; DNS; NS record history; Database;

机译：僵尸网络通信;DNS;NS记录历史;数据库;

相似文献

外文文献
中文文献
专利

1. Design and Implementation of NS Record History Database for Detecting DNS-based Botnet Communication [J] . Hikaru Ichise, Yong Jin, Katsuyoshi Iida 電子情報通信学会技術研究報告. インターネットアーキテクチャ. Internet Architecture . 2017,第299期

机译：NS记录历史数据库的设计与实现，用于检测基于DNS的僵尸网络通信
2. Design And Implementation Of Tool For Detecting Anti-Patterns In Relational Database [J] . Gaurav Kumar, Rahul Kumar Yadav, Sanjay Bhutungru International Journal of Scientific & Technology Research . 2017,第7期

机译：关系数据库中反模式检测工具的设计与实现
3. Design And Implementation Of Tool For Detecting Anti-Patterns In Relational Database [J] . Gaurav Kumar, Rahul Kumar Yadav, Sanjay Bhutungru International Journal of Scientific & Technology Research . 2017,第7期

机译：关系数据库中反模式检测工具的设计与实现
4. Detection Method of DNS-based Botnet Communication Using Obtained NS Record History [C] . Ichise Hikaru, Jin Yong, Iida Katsuyoshi 2015 IEEE 39th Annual Computer Software and Applications Conference Workshops . 2015

机译：基于获取的NS记录历史的基于DNS的僵尸网络通信检测方法
5. ROVER: A DNS-based method to detect and prevent IP hijacks [D] . Gersch, Joseph E. 2013

机译：流浪者：一种基于DNS的方法来检测和防止IP劫持
6. Marco (Medical Record Communications) - System Concept Design and Evaluation [O] . P. H. Moffatt, B. D. Heisler, W. D. Mela, 1978

机译：Marco（病历通讯）-系统概念设计和评估
7. NS record History Based Abnormal DNS traffic Detection Considering Adaptive Botnet Communication Blocking [O] . Hikaru Ichise, Yong Jin, Katsuyoshi Iida, 2020

机译：考虑自适应僵尸网络通信阻止，NS记录基于历史的异常DNS流量检测

Design and Implementation of NS Record History Database for Detecting DNS-based Botnet Communication

摘要

著录项

相似文献

相关主题

期刊订阅