情報学広場：情報処理学会電子図書館

WEKO3

To

lat lon distance

[[sub_check.contents]]

[[sub_check.contents]]

[[sub_radio.contents]]

To

Field does not validate

[[sub_attr.contents]]　

インデックスツリー

アイテム

Detection of DNS Cache Poisoning Attack in DNS Standard Resolution Traffic

https://ipsj.ixsq.nii.ac.jp/records/75680

名前 / ファイル	ライセンス	アクション
IPSJ-CSEC11053001.pdf (561.8 kB)	Copyright (c) 2011 by the Information Processing Society of Japan
オープンアクセス

Item type

SIG Technical Reports(1)

公開日

2011-05-05

タイトル

タイトル

Detection of DNS Cache Poisoning Attack in DNS Standard Resolution Traffic

タイトル

言語

en

タイトル

Detection of DNS Cache Poisoning Attack in DNS Standard Resolution Traffic

言語

言語

eng

資源タイプ

資源タイプ識別子

http://purl.org/coar/resource_type/c_18gh

資源タイプ

technical report

著者所属

Center for Multimedia and Information Technologies (CMIT), Kumamoto University

著者所属

NRI Secure Technologies, Ltd.

著者所属

Center for Multimedia and Information Technologies (CMIT), Kumamoto University

著者所属

Center for Multimedia and Information Technologies (CMIT), Kumamoto University

著者所属(英)

en

Center for Multimedia and Information Technologies (CMIT), Kumamoto University

著者所属(英)

en

NRI Secure Technologies, Ltd.

著者所属(英)

en

Center for Multimedia and Information Technologies (CMIT), Kumamoto University

著者所属(英)

en

Center for Multimedia and Information Technologies (CMIT), Kumamoto University

著者名

著者名(英)

論文抄録

内容記述タイプ

Other

内容記述

We statistically investigated the total A resource record (RR) based DNS query request packet traffic from the Internet to the top domain DNS server in a university campus network through January 1st to December 31st, 2010. The obtained results are: (1) We found five DNS Cache Poisoning (DNSCP) attacks in observation of rapid decrease in the unique source IP address based entropy of the DNS query packet traffic and significant increase in the unique DNS query keyword based one. (2) Also, we found five DNSCP attacks in the score changes for detection method using the calculated restricted Damerau-Levenshtein distance (restricted edit distance) between the observed query keyword and the last one by employing both threshold ranges through 1 to 40. Therefore, it is possible that the restricted Damerau-Levenshtein distance based detection technology can detect the DNSCP attacks.

論文抄録(英)

内容記述タイプ

Other

内容記述

We statistically investigated the total A resource record (RR) based DNS query request packet traffic from the Internet to the top domain DNS server in a university campus network through January 1st to December 31st, 2010. The obtained results are: (1) We found five DNS Cache Poisoning (DNSCP) attacks in observation of rapid decrease in the unique source IP address based entropy of the DNS query packet traffic and significant increase in the unique DNS query keyword based one. (2) Also, we found five DNSCP attacks in the score changes for detection method using the calculated restricted Damerau-Levenshtein distance (restricted edit distance) between the observed query keyword and the last one by employing both threshold ranges through 1 to 40. Therefore, it is possible that the restricted Damerau-Levenshtein distance based detection technology can detect the DNSCP attacks.

書誌レコードID

収録物識別子タイプ

NCID

収録物識別子

AA11235941

書誌情報

研究報告コンピュータセキュリティ（CSEC）

巻 2011-CSEC-53, 号 1, p. 1-6, 発行日 2011-05-05

Notice

SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc.

出版者

言語

ja

出版者

情報処理学会

戻る

0

views

	Views

Versions

Ver.1

2025-01-21 21:06:09.162471

Show All versions

Share

Cite as

エクスポート

OAI-PMH

JPCOAR
DublinCore
DDI

Other Formats

JSON
BIBTEX