
Policy-based Detection and Blocking System for Abnormal Direct Outbound DNS Queries using RPZ

Files in This Item:

The file(s) associated with this item can be obtained from the following URL: https://doi.org/10.18178/wcse.2022.06.047


Title: Policy-based Detection and Blocking System for Abnormal Direct Outbound DNS Queries using RPZ
Authors: Ichise, Hikaru
Jin, Yong
Iida, Katsuyoshi
Keywords: Botnet
abnormal DNS traffic
DNS
NS record
RPZ
SDN
direct outbound DNS query
Issue Date: 26-Jul-2022
Publisher: International Workshop on Computer Science and Engineering
Citation: Proceedings of 2022 the 12th International Workshop on Computer Science and Engineering (WCSE 2022)
Start Page: 327
End Page: 332
Publisher DOI: 10.18178/wcse.2022.06.047
Abstract: Bot-infected computers sending direct outbound DNS queries without obtaining the information of authoritative DNS servers from the DNS full resolvers set up in the internal network have become a critical security issue nowadays. In DNS protocol, the domain name resolution process obtains the information of necessary authoritative DNS name servers (NS records) at the beginning and then achieves the answers of the original DNS queries which is accomplished via the DNS full-service resolvers. However, some types of bot programs violate the DNS protocol process and send the direct outbound DNS queries to its Command and Control (C&C) servers (malicious DNS servers) for bot communication. We have investigated the detection and blocking the direct outbound DNS queries by using MySQL at an early stage. However, the network latency was arising as a critical issue. In this advanced research, we propose a policy-based detection and blocking system for abnormal direct outbound DNS queries using DNS Response Policy Zones (DNS RPZ) in order to solve the issues. In this paper, we describe the design of the proposed system and introduce an implemented prototype system. In addition, we also describe the preliminary evaluation results per feature of the proposed system conducted on the prototype, and finally, we introduce the tasks planned for future work.
Description: 2022 the 12th International Conference on Computer Science and Engineering, June 24-27, 2022, held as an online event.
Conference Name: International Workshop on Computer Science and Engineering
Conference Sequence: 12
Type: proceedings
URI: http://hdl.handle.net/2115/86951
Appears in Collections: Information Initiative Center > Peer-reviewed Journal Articles, etc

Submitter: 飯田 勝吉
