DNSSEC Architecture. DNS: Domain Name System; DNSSEC: DNS security extensions


Context in source publication

Context 1
... DNSSEC protocol uses a Chain of Trust due to a strong, reliable connection between DNS servers. Figure 5 shows how DNSSEC works as the Chain of Trust. Compared with Figure 3, the IP address request of DNSSEC is the same as that of DNS. ...

Similar publications

Article
River floods and flooding are among the most important and widespread natural hazards in the world. For this reason, their study and analysis represent a great opportunity for the prevention and protection of the territory. This study assessed the flood hazard and flood risk of the Ega River in its middle reach in the Co...

Citations

... DNS Protocol Attacks: DNS protocol attacks exploit vulnerabilities in the way DNS functions on a network [178]. Three prevalent types are DNS cache poisoning, DNS spoofing, and DNS ID hijacking. ...
Article
TCP/IP is the backbone of modern network communication, connecting devices across the world. TCP/IP at its core is a suite of protocols that enables the transmission of data between computers, facilitating the foundation of the interconnected global network. At the Application Layer of TCP/IP is where the interaction between software applications and the network occurs. The user-centric protocols such as HTTP, SMTP, FTP, POP3, IMAP and DNS facilitate various tasks at this layer such as web browsing, email communication, and file transfer. This comprehensive survey conducted an exploration of the performance, security and privacy issues at the application layer of the TCP/IP. It initiated by providing a background of TCP/IP model, its architecture and the core characteristics, with major focus on the application layer. This paper aimed to discuss the state-of-the-art of performance, privacy and security concerns in TCP/IP application layer. It also proposed future research areas to equip researchers, practitioners, policy makers and the decision makers with tangible knowledge, offering guidance in navigating the performance, privacy and security concerns in TCP/IP Application Layer. It aimed to discuss the current performance, privacy and security research gaps at the Application Layer of the TCP/IP Model. The findings of this research shed light on the performance, privacy and security issues while suggesting the countermeasures to strengthen and optimize the overall performance, security and privacy of TCP/IP model at the application layer. The paper finally suggests future directions and research areas at the TCP/IP application layer.
... Most attacks involve the DNS in some way or another [21,23]. However, certain attacks rely primarily on DNS. ...
Chapter
Fast-flux service networks (FFSNs) continue to be one of the major problems in today’s Internet. It is a mechanism botherders commonly use to provide highly resilient service for their malicious servers while remaining hidden from direct access. This is achieved by configuring many botnet machines to work as proxies that relay traffic between end users and malicious servers controlled by botherders. FFSNs are becoming popular for hosting malicious services and illegal content such as drug and pharmaceutical products, malware, and botnets command and control servers. FFSNs represent a challenging issue due to their simple yet powerful concealment of malicious network services. This book chapter comprehensively discusses FFSNs, focusing on fast-flux architecture, operation, and characterization. Also, it provides a review of fast-flux detection mechanisms and highlights the main challenges and future research directions.
... These parameters can be changed from recursive to authoritative during the query flow. Kim and Reeves (2020) describe DNS server attacks as acts of data tampering, flooding, DNS abuse and counter DNS server structure. This classification makes it possible to analyse them by areas according to attackers' different interests. The present work aims to analyse DNS cache poisoning, which, according to Kim and Reeves (2020), falls under the data tampering mode. ...
... Kim and Reeves (2020) describe DNS server attacks as acts of data tampering, flooding, DNS abuse and counter DNS server structure. This classification makes it possible to analyse them by areas according to attackers' different interests. The present work aims to analyse DNS cache poisoning, which, according to Kim and Reeves (2020), falls under the data tampering mode. Zhang et al. (2021) and Kaminsky et al. (2008) mention that one of the first DNS cache poisoning was discovered by Kaminsky in 2008. ...
... According to Tripathi, Swarnkare and Hubballi (2018), this method allows the IP packet fields to be filled in with an address that does not match the real IP, thereby misleading users into making insecure connections (Figure 1). Wang (2014), Kim and Reeves (2020) and Zhang et al. (2021) ...
Article
Domain name resolution servers (DNS) perform a key function in establishing access to web pages. Because of their importance, they are constant targets for cyber-attacks, which aim to erase or replace some of their records, causing huge losses for users, companies and institutions worldwide. In Brazil, to prevent such attacks, a legal provision is established that criminally typifies the invasion of computer devices connected to the World Wide Web, which includes attacks on the DNS service. Still, cyber-attack identification is difficult as it depends on the correct application of means of protection, monitoring of network services and extraction and interpretation of data that allow the identification of criminal factors. The present work proposes a computational forensics approach to automatically detect the occurrence of a DNS cache poisoning attack, subsuming the elements that constitute the attack to the legal device, thus identifying the occurrence of a crime.
... DNS transfers human-readable domain names to IP addresses that computers may use to transport packets over the Internet. DNS analysis provides various advantages over blacklists for detecting malicious domains [5][6][7]. DNS traffic provides several features to detect malicious domain names. A huge variety of attributes and traffic data make DNS traffic an ideal choice for machine learning (ML) security efforts. ...
... In contrast, software filters provide powerful matching semantics but struggle to meet line speed. The key challenge in such a design arises from the dependencies between classification rules due to their relative priorities within the rule set: complex rules requiring software-based processing may be interleaved at arbitrary positions between those where hardware processing is feasible [4,6,8,46]. The superiority of the proposed approach on the physical platform (Firewall) lies in the fact that it is effective against modern attacks, cannot be circumvented with spoofing, cannot make decisions based on application or authentication, and allows for a huge, easily managed rule list. ...
... Step 3: Feature Extraction Feature extraction is a dimensionality reduction procedure that reduces a collection of raw variables to more manageable groupings (features) for processing [6,8,12,13]. The success of a machine learning model depends on the quality of the training data and feature representation. ...
Article
To combat malicious domains, which serve as a key platform for a wide range of attacks, domain name service (DNS) data provide rich traces of Internet activities and are a powerful resource. This paper presents new research that proposes a model for finding malicious domains by passively analyzing DNS data. The proposed model builds a real-time, accurate, middleweight, and fast classifier by combining a genetic algorithm for selecting DNS data features with a two-step quantum ant colony optimization (QABC) algorithm for classification. The modified two-step QABC classifier uses K-means instead of random initialization to place food sources. In order to overcome ABC's poor exploitation abilities and its convergence speed, this paper utilizes the metaheuristic QABC algorithm for global optimization problems inspired by quantum physics concepts. The use of the Hadoop framework and a hybrid machine learning approach (K-mean and QABC) to deal with the large size of uniform resource locator (URL) data is one of the main contributions of this paper. The major point is that blacklists, heavyweight classifiers (those that use more features), and lightweight classifiers (those that use fewer features and consume the features from the browser) may all be improved with the use of the suggested machine learning method. The results showed that the suggested model could work with more than 96.6% accuracy for more than 10 million query–answer pairs.
... The threat consequence is TC-2. The techniques can be in the form of DNS server spoofing where the attacker diverts the victim's traffic to a malicious IP address [94] and this is achieved by using DNS cache poisoning, Kaminsky attack, or DNS hijacking (DNSpionage) [95]. The same spoofing technique can be used on the Docker Hub (DS-2) and can lead to a malicious image being pulled to the Docker Host. ...
... DNSSEC defined in RFC4033 (Arends et al., 2005) provides a marked increase in security offered to the venerable global name resolution system that is DNS. DNS being at the core of almost all Internet communications, it is also vulnerable to interception, corruption and other attacks (Ariyapperuma & Mitchell, 2007;Dooley & Rooney, 2017;Kim & Reeves, 2020). DNSSEC provides a twin pronged approach for mitigating this. ...
Article
The Domain Name System Security Extension (DNSSEC) is a cryptographic extension to the Domain Name System (DNS). The DNSSEC gives the DNS hierarchy a chain of trust from the root zone all the way down to the domain. By utilising DNSSEC, the client can verify that the DNS server’s response has not been tampered with in transit using strong trustworthy cryptographic algorithms. This paper presents a pilot research into the adoption of DNSSEC in Norwegian (.NO) ccTLD. The data set investigated in this research is a collection of Norwegian businesses that have a domain within the Norwegian ccTLD. This research found out that the Norwegian ccTLD adoption rate is amongst one of the highest compared to other ccTLDs. The DNSKEY resource records (RRs) collected in this research were used to identify some potential weaknesses. These possible weaknesses include the algorithm used, how long validity there was on the DNSKEY, and shared DNSKEY values across multiple domains.
... It is frequently referred to as a telephone directory that translates the domain name to an IP address, thus allowing the browser to access the Internet resources. However, the main vulnerability in DNS is security (Kim and Reeves, 2020). Since DNS does not provide any mechanism for verifying the correct translation of IP addresses, DNS can be manipulated or intercepted by attackers. ...
Article
DNS is a well-known and important protocol on the Internet. Its main function is to translate domain names and Internet protocol addresses to allow users to access the Internet. However, it was created without consideration of security factors. Due to the vulnerabilities found in the DNS, it is often the main target of hackers for carrying out DNS spoofing attacks. To overcome this problem, DNSSEC is introduced. DNSSEC uses cryptographic public keys to create digital signatures in DNS and provides the origin authority, data integrity, and authenticated denial of existence. Therefore, in order to improve the security features of the domain in Malaysia, the implementation of DNSSEC is first performed on the domains of the Government of Malaysia. In this paper, we describe the DNSSEC implementation strategy which was performed on the Malaysian Government's domains under the administration of MAMPU. This DNSSEC process took almost a year to implement and it involved a total of 439 domains. With the implementation of DNSSEC on the .gov.my domain names, the level of security is enhanced, and it brings a significant impact on the digital transformation and digital transactions that are provided by the Government of Malaysia to its people.
... On DNS, there are several cyberattacks; we have seen in the recent past. There are different types of DNS attacks people have encountered: Domain hijacking, DNS flood attack, DDOS or DRDOS, DNS cache poisoning, DNS tunneling, DNS hijacking, random subdomain, and NXDOMAIN attack [5]. The different types of DNS attacks can be seen in Figure 2. According to a survey of 900 technology professions across North America, Europe, and the Asia Pacific, the "2020 Global DNS Threat Report" found that 79% of organizations were affected by DNS attacks in 2019. ...
... In practice, an enterprise network can generate millions of DNS queries and responses a day. The DNS traffic includes crucial data such as IP addresses, destination, source port number, and transaction ID, which can be exploited by attackers [9][10][11]. Furthermore, attackers can obtain sensitive information to create user profile and exploit it to launch attacks or even for the calculation of a user's geographical area [12]. ...
Article
In spite of protection mechanisms for Domain Name System (DNS), such as IP blacklist and DNS Firewall, DNS still has privacy issues in reality, since DNS is a plain-text protocol. Recently, to resolve this problem, an encrypted DNS, called DNS-over-HTTPS (DoH), has been developed, and is becoming more widespread. As the secured version of DNS, DoH guarantees privacy and security to prevent various attacks such as eavesdropping and manipulating DNS data by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver. DoH is one of the best security options for an enterprise network where more sensitive data protection is required. However, DoH may cause an unintended security breach, i.e., information leakage via malicious DoH tunneling. Since the DoH traffic is encrypted and indistinguishable from other HTTPS traffic, data hidden inside DoH packets can be easily leaked out of an enterprise network. Although some countermeasures to detect DoH tunneling attacks have been proposed, they still have limitations. Previous research used Supervised Machine Learning methods to detect DoH tunneling, which required a high volume of labeled data. In practice, collecting and labeling all of the data is an impossible task, especially in DoH, when all of the data are encrypted. Furthermore, Supervised Machine Learning methods rely heavily on human-engineered feature extraction, which makes classifying encrypted DoH traffic difficult. Furthermore, no previous research has mentioned a complete functional DoH detection applied to network infrastructure. Therefore, we propose a detection system for DoH tunneling attacks based on Transformer to detect a malicious DoH tunneling and build a fully functional DoH detection system that can be integrated with the security operation system of an enterprise network. The experiment results show a significant improvement compared with previous works.