Policy-based Detection and Blocking System for Abnormal Direct Outbound DNS Queries using RPZ
Title: | Policy-based Detection and Blocking System for Abnormal Direct Outbound DNS Queries using RPZ |
Authors: | Ichise, Hikaru | Jin, Yong | Iida, Katsuyoshi |
Keywords: | Botnet | abnormal DNS traffic | DNS | NS record | RPZ | SDN | direct outbound DNS query |
Issue Date: | 26-Jul-2022 |
Publisher: | International Workshop on Computer Science and Engineering |
Citation: | Proceedings of 2022 the 12th International Workshop on Computer Science and Engineering (WCSE 2022) |
Start Page: | 327 |
End Page: | 332 |
Publisher DOI: | 10.18178/wcse.2022.06.047 |
Abstract: | Bot-infected computers sending direct outbound DNS queries without obtaining the information of authoritative DNS servers from the DNS full resolvers set up in the internal network have become a critical security issue nowadays. In DNS protocol, the domain name resolution process obtains the information of necessary authoritative DNS name servers (NS records) at the beginning and then achieves the answers of the original DNS queries which is accomplished via the DNS full-service resolvers. However, some types of bot programs violate the DNS protocol process and send the direct outbound DNS queries to its Command and Control (C&C) servers (malicious DNS servers) for bot communication. We have investigated the detection and blocking of the direct outbound DNS queries by using MySQL at an early stage. However, the network latency was arising as a critical issue. In this advanced research, we propose a policy-based detection and blocking system for abnormal direct outbound DNS queries using DNS Response Policy Zones (DNS RPZ) in order to solve the issues. In this paper, we describe the design of the proposed system and introduce an implemented prototype system. In addition, we also describe the preliminary evaluation results per feature of the proposed system conducted on the prototype, and finally, we introduce the tasks planned for future work. |
Description: | 2022 the 12th International Conference on Computer Science and Engineering, June 24-27, 2022, held as an online event. |
Conference Name: | International Workshop on Computer Science and Engineering |
Conference Sequence: | 12 |
Type: | proceedings |
URI: | http://hdl.handle.net/2115/86951 |
Appears in Collections: | Information Initiative Center > Peer-reviewed Journal Articles, etc |
Submitter: 飯田 勝吉