2026-03-11T04:41:41Z https://ipsj.ixsq.nii.ac.jp/oai

oai:ipsj.ixsq.nii.ac.jp:00183605 2025-01-20T03:36:09Z 581:8997:9007

Detection and Filtering System for DNS Water Torture Attacks Relying Only on Domain Name Information Detection and Filtering System for DNS Water Torture Attacks Relying Only on Domain Name Information Takuro, Yoshida Kento, Kawakami Ryotaro, Kobayashi Masahiko, Kato Masayuki, Okada Hiroyuki, Kishimoto Takuro, Yoshida Kento, Kawakami Ryotaro, Kobayashi Masahiko, Kato Masayuki, Okada Hiroyuki, Kishimoto [特集：高度化するサイバー攻撃に対応するコンピュータセキュリティ技術] DNS, DDoS, IPS, water torture attacks, pseudo-random subdomain attacks, naïve Bayes classifier Water torture attacks are a recently emerging type of Distributed Denial-of-Service (DDoS) attack on Domain Name System (DNS) servers. They generate a multitude of malicious queries with randomized, unique subdomains. This paper proposes a detection method and a filtering system for water torture attacks. The former is an enhancement of our previous effort so as to achieve packet-by-packet, on-the-fly processing, and the latter is an application of our current method mainly for defending recursive servers. Our proposed method detects malicious queries by analyzing their subdomains with a naïve Bayes classifier. Considering large-scale applications, we focus on achieving high throughput as well as high accuracy. Experimental results indicate that our method can detect attacks with 98.16% accuracy and only a 1.55% false positive rate, and that our system can process up to 7.44Mpps of traffic. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.25(2017) (online) DOI　http://dx.doi.org/10.2197/ipsjjip.25.854 ------------------------------ Water torture attacks are a recently emerging type of Distributed Denial-of-Service (DDoS) attack on Domain Name System (DNS) servers. They generate a multitude of malicious queries with randomized, unique subdomains. This paper proposes a detection method and a filtering system for water torture attacks. The former is an enhancement of our previous effort so as to achieve packet-by-packet, on-the-fly processing, and the latter is an application of our current method mainly for defending recursive servers. Our proposed method detects malicious queries by analyzing their subdomains with a naïve Bayes classifier. Considering large-scale applications, we focus on achieving high throughput as well as high accuracy. Experimental results indicate that our method can detect attacks with 98.16% accuracy and only a 1.55% false positive rate, and that our system can process up to 7.44Mpps of traffic. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.25(2017) (online) DOI　http://dx.doi.org/10.2197/ipsjjip.25.854 ------------------------------ journal article 2017-09-15 application/pdf 情報処理学会論文誌 9 58 1882-7764 AN00116647 https://ipsj.ixsq.nii.ac.jp/record/183605/files/IPSJ-JNL5809007.pdf eng