About: DNS hijacking is a research topic. Over its lifetime, 734 publications have been published within this topic, receiving 18573 citations. The topic is also known as: DNS spoofing.
TL;DR: Notos, a dynamic reputation system for DNS, is proposed on the premise that malicious, agile use of DNS has unique characteristics and can be distinguished from legitimate, professionally provisioned DNS services.
Abstract: The Domain Name System (DNS) is an essential protocol used by both legitimate Internet applications and cyber attacks. For example, botnets rely on DNS to support agile command and control infrastructures. An effective way to disrupt these attacks is to place malicious domains on a "blocklist" (or "blacklist") or to add a filtering rule in a firewall or network intrusion detection system. To evade such security countermeasures, attackers have used DNS agility, e.g., by using new domains daily to evade static blacklists and firewalls. In this paper we propose Notos, a dynamic reputation system for DNS. The premise of this system is that malicious, agile use of DNS has unique characteristics and can be distinguished from legitimate, professionally provisioned DNS services. Notos uses passive DNS query data and analyzes the network and zone features of domains. It builds models of known legitimate domains and malicious domains, and uses these models to compute a reputation score for a new domain indicative of whether the domain is malicious or legitimate. We have evaluated Notos in a large ISP's network with DNS traffic from 1.4 million users. Our results show that Notos can identify malicious domains with high accuracy (true positive rate of 96.8%) and low false positive rate (0.38%), and can identify these domains weeks or even months before they appear in public blacklists.
TL;DR: Extensions to the DNS are described that provide these services to security-aware resolvers or applications through the use of cryptographic digital signatures, which are included in secured zones as resource records.
Abstract: The Domain Name System (DNS) has become a critical operational part of the Internet infrastructure, yet it has no strong security mechanisms to assure data integrity or authentication. Extensions to the DNS are described that provide these services to security-aware resolvers or applications through the use of cryptographic digital signatures. These digital signatures are included in secured zones as resource records. Security can still be provided even through non-security-aware DNS servers in many cases.
TL;DR: In this paper, the edge DNS cache servers are published as the authoritative servers for customer domains instead of the origin server, and when a request for a DNS record results in a cache miss, the edge cache servers get the information from the origin servers and cache it for use in response to future requests.
Abstract: A distributed DNS network includes a central origin server that actually controls the zone, and edge DNS cache servers configured to cache the DNS content of the origin server. The edge DNS cache servers are published as the authoritative servers for customer domains instead of the origin server. When a request for a DNS record results in a cache miss, the edge DNS cache servers get the information from the origin server and cache it for use in response to future requests. Multiple edge DNS cache servers can be deployed at multiple locations. Since an unlimited number of edge DNS cache servers can be deployed, the system is highly scalable. The disclosed techniques protect against DoS attacks, as DNS requests are not made to the origin server directly.
TL;DR: The Exposure system, designed to detect malicious domains in real time by applying 15 unique features grouped into four categories, is presented, and the results and lessons learned from 17 months of its operation are described.
Abstract: A wide range of malicious activities rely on the domain name service (DNS) to manage their large, distributed networks of infected machines. As a consequence, the monitoring and analysis of DNS queries has recently been proposed as one of the most promising techniques to detect and blacklist domains involved in malicious activities (e.g., phishing, spam, botnet command-and-control, etc.). EXPOSURE is a system we designed to detect such domains in real time, by applying 15 unique features grouped into four categories. We conducted a controlled experiment with a large, real-world dataset consisting of billions of DNS requests. The extremely positive results obtained in the tests convinced us to implement our techniques and deploy them as a free, online service. In this article, we present the Exposure system and describe the results and lessons learned from 17 months of its operation. Over this amount of time, the service detected over 100K malicious domains. The statistics about the time of usage, number of queries, and target IP addresses of each domain are also published on a daily basis on the service Web page.
TL;DR: This paper describes the design and implementation of Semantic Free Referencing (SFR), a reference resolution infrastructure based on distributed hash tables (DHTs) that dissolves the ill-fated union between DNS and the Web.
Abstract: The Web relies on the Domain Name System (DNS) to resolve the hostname portion of URLs into IP addresses. This marriage-of-convenience enabled the Web's meteoric rise, but the resulting entanglement is now hindering both infrastructures--the Web is overly constrained by the limitations of DNS, and DNS is unduly burdened by the demands of the Web. There has been much commentary on this sad state-of-affairs, but dissolving the ill-fated union between DNS and the Web requires a new way to resolve Web references. To this end, this paper describes the design and implementation of Semantic Free Referencing (SFR), a reference resolution infrastructure based on distributed hash tables (DHTs).