@article{oai:ipsj.ixsq.nii.ac.jp:00183605,
 author = {Takuro, Yoshida and Kento, Kawakami and Ryotaro, Kobayashi and Masahiko, Kato and Masayuki, Okada and Hiroyuki, Kishimoto and Takuro, Yoshida and Kento, Kawakami and Ryotaro, Kobayashi and Masahiko, Kato and Masayuki, Okada and Hiroyuki, Kishimoto},
 issue = {9},
 journal = {情報処理学会論文誌},
 month = {Sep},
 note = {Water torture attacks are a recently emerging type of Distributed Denial-of-Service (DDoS) attack on Domain Name System (DNS) servers. They generate a multitude of malicious queries with randomized, unique subdomains. This paper proposes a detection method and a filtering system for water torture attacks. The former is an enhancement of our previous effort so as to achieve packet-by-packet, on-the-fly processing, and the latter is an application of our current method mainly for defending recursive servers. Our proposed method detects malicious queries by analyzing their subdomains with a naïve Bayes classifier. Considering large-scale applications, we focus on achieving high throughput as well as high accuracy. Experimental results indicate that our method can detect attacks with 98.16% accuracy and only a 1.55% false positive rate, and that our system can process up to 7.44Mpps of traffic.
------------------------------
This is a preprint of an article intended for publication Journal of
Information Processing(JIP). This preprint should not be cited. This
article should be cited as: Journal of Information Processing Vol.25(2017) (online)
DOI　http://dx.doi.org/10.2197/ipsjjip.25.854
------------------------------, Water torture attacks are a recently emerging type of Distributed Denial-of-Service (DDoS) attack on Domain Name System (DNS) servers. They generate a multitude of malicious queries with randomized, unique subdomains. This paper proposes a detection method and a filtering system for water torture attacks. The former is an enhancement of our previous effort so as to achieve packet-by-packet, on-the-fly processing, and the latter is an application of our current method mainly for defending recursive servers. Our proposed method detects malicious queries by analyzing their subdomains with a naïve Bayes classifier. Considering large-scale applications, we focus on achieving high throughput as well as high accuracy. Experimental results indicate that our method can detect attacks with 98.16% accuracy and only a 1.55% false positive rate, and that our system can process up to 7.44Mpps of traffic.
------------------------------
This is a preprint of an article intended for publication Journal of
Information Processing(JIP). This preprint should not be cited. This
article should be cited as: Journal of Information Processing Vol.25(2017) (online)
DOI　http://dx.doi.org/10.2197/ipsjjip.25.854
------------------------------},
 title = {Detection and Filtering System for DNS Water Torture Attacks Relying Only on Domain Name Information},
 volume = {58},
 year = {2017}
}