Information leakage is one of the main security threats in today's Internet. As ICN is expected to become the core architecture of the Future Internet, preventing this threat there is mandatory. This paper proves that certain ICN configurations prevent information leakage via Data packets and shows that preventing Interest packets from carrying encoded sensitive information in their names remains an open problem. Assuming that names in ICN will follow the URL format commonly used in today's Internet, we gather statistics on web URLs from extensive crawling experiments of major Internet organizations. We then propose a simple filtering technique based on these statistics that lets a firewall detect anomalous names in ICN. In our experiment, the filter recognizes 15% of the names in our dataset as malicious. Although the false positive rate is still too high for this filter to be used in real-world operation, this work is an important step toward detecting anomalous names and preventing information leakage in ICN.
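The abstract does not say which URL statistics the filter uses, so the following is an added illustration rather than the paper's method: it profiles a small constructed set of "legitimate" URL-style names (component length, per-component character entropy and component count) and flags names whose components fall far outside that profile. The baseline names, the three features and the `k = 3` standard-deviation threshold are all assumptions made for this example.

```python
import math
import statistics
from urllib.parse import urlsplit

# Constructed stand-in for a crawled dataset of legitimate URL-style ICN names.
# These are example.* names made up for this illustration, not real crawl data.
BASELINE_NAMES = [
    "http://www.example.org/news/2021/update.html",
    "http://www.example.org/images/logo.png",
    "http://docs.example.org/api/v1/reference/index.html",
    "http://www.example.com/products/list?page=2",
    "http://www.example.com/about/team.html",
    "http://mail.example.net/inbox/messages/12",
    "http://cdn.example.net/static/css/main.css",
    "http://blog.example.edu/posts/how-ndn-works",
    "http://www.example.edu/faculty/profile/smith",
    "http://shop.example.com/cart/checkout",
]


def name_components(name):
    """Split a URL-form name into components; the hostname is component 0."""
    parts = urlsplit(name)
    comps = [parts.netloc] + [c for c in parts.path.split("/") if c]
    if parts.query:
        comps.append(parts.query)
    return comps


def shannon_entropy(s):
    """Bits of Shannon entropy over the characters of one component."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def build_profile(names):
    """Per-component length/entropy statistics and the largest component count seen."""
    lengths, entropies, ncomps = [], [], []
    for n in names:
        comps = name_components(n)
        ncomps.append(len(comps))
        for c in comps[1:]:  # hostnames are profiled separately in practice; skipped here
            lengths.append(len(c))
            entropies.append(shannon_entropy(c))
    return {
        "len_mean": statistics.mean(lengths),
        "len_stdev": statistics.pstdev(lengths),
        "ent_mean": statistics.mean(entropies),
        "ent_stdev": statistics.pstdev(entropies),
        "ncomp_max": max(ncomps),
    }


def check_name(name, profile, k=3.0):
    """Return the list of rules a name violates; an empty list means it looks normal.

    Thresholds (mean + k standard deviations, count above max + 2) are assumptions
    chosen for this example, not values from the paper.
    """
    reasons = []
    comps = name_components(name)
    if len(comps) > profile["ncomp_max"] + 2:
        reasons.append("too many components")
    for c in comps[1:]:
        if len(c) > profile["len_mean"] + k * profile["len_stdev"]:
            reasons.append("component too long")
        if shannon_entropy(c) > profile["ent_mean"] + k * profile["ent_stdev"]:
            reasons.append("component entropy too high")
    return reasons


PROFILE = build_profile(BASELINE_NAMES)

if __name__ == "__main__":
    for n in ("http://www.example.org/news/2022/index.html",
              "http://www.example.org/files/aB3dE5fG7hJ9kL1mN2pQ4rS6tUvWxYz"):
        print(n, "->", check_name(n, PROFILE) or "ok")
```

A firewall applying such a filter would see a long, high-entropy component (an encoded payload hidden in a name) trip both the length and entropy rules, while an ordinary page path passes; the high false-positive rate the abstract reports comes from legitimate names such as session tokens or content hashes that look the same to these simple features.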
Many enterprises are under threat of targeted attacks aiming at data exfiltration. To launch such attacks, attackers and their malware have in recent years exploited a covert channel that abuses the domain name system (DNS), known as DNS tunneling. Although several research efforts have been made to detect DNS tunneling, the existing methods rely on features that advanced tunneling techniques can easily obfuscate by mimicking legitimate DNS clients, and such obfuscation results in data leakage. To tackle this problem, we focused on a "trace" left by DNS tunneling that cannot be easily hidden: in data exfiltration by DNS tunneling, the malware connects directly to the DNS cache server, and the generated tunneling queries produce cache misses with absolute certainty. In this study, we propose a DNS tunneling detection method based on cache-property-aware features. Our experiments show that one of the proposed features efficiently characterizes DNS tunneling traffic. Furthermore, we introduce a rule-based filter and a long short-term memory (LSTM)-based filter using this feature. The rule-based filter achieves a higher DNS tunneling detection rate than the LSTM one, which instead detects the attack more quickly, while both maintain a low misdetection rate.
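To make the cache-miss "trace" concrete, here is an added example (not the paper's code or feature set) of a rule-based filter run over a constructed cache-server log. It assumes the resolver logs, per query, the client address, the queried name and whether the answer came from cache; the features (per-client miss ratio and the number of distinct missed names under one zone) and the thresholds are assumptions for this illustration, chosen because exfiltration encodes data in ever-changing labels that can never be cached.

```python
import re
from collections import defaultdict

# Constructed cache-server log (made up for this example, not captured traffic):
# time, client, query name, cache outcome. Client .10 browses normally; client .77
# sends unique labels under one zone, each of which necessarily misses the cache.
LOG_LINES = """\
10:00:01 192.0.2.10 www.example.com HIT
10:00:02 192.0.2.10 mail.example.com MISS
10:00:03 192.0.2.10 www.example.com HIT
10:00:04 192.0.2.10 cdn.example.net HIT
10:00:05 192.0.2.10 www.example.org HIT
10:00:06 192.0.2.10 www.example.org HIT
10:00:01 192.0.2.77 3f9a2c1e.t.example-tunnel.test MISS
10:00:02 192.0.2.77 b81d0e44.t.example-tunnel.test MISS
10:00:03 192.0.2.77 77c0aa19.t.example-tunnel.test MISS
10:00:04 192.0.2.77 www.example.com HIT
10:00:05 192.0.2.77 e2d5f6a0.t.example-tunnel.test MISS
10:00:06 192.0.2.77 0c4b19fe.t.example-tunnel.test MISS
10:00:07 192.0.2.77 9a1e3c77.t.example-tunnel.test MISS
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (HIT|MISS)$")


def parse_log(text):
    """Parse the assumed log format into records; unparseable lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append({"time": m.group(1), "client": m.group(2),
                            "qname": m.group(3).lower(), "hit": m.group(4) == "HIT"})
    return records


def registrable_suffix(qname, labels=2):
    """Crude zone key: the last two labels (a public-suffix list would be used in practice)."""
    parts = qname.rstrip(".").split(".")
    return ".".join(parts[-labels:])


def client_features(records):
    """Per-client cache-property features: miss ratio and distinct missed names per zone."""
    by_client = defaultdict(list)
    for r in records:
        by_client[r["client"]].append(r)
    feats = {}
    for client, recs in by_client.items():
        misses = [r for r in recs if not r["hit"]]
        per_zone = defaultdict(set)
        for r in misses:
            per_zone[registrable_suffix(r["qname"])].add(r["qname"])
        top_zone, top_count = max(((z, len(s)) for z, s in per_zone.items()),
                                  key=lambda x: x[1], default=(None, 0))
        feats[client] = {
            "queries": len(recs),
            "misses": len(misses),
            "miss_ratio": len(misses) / len(recs),
            "top_miss_zone": top_zone,
            "distinct_miss_names_in_top_zone": top_count,
        }
    return feats


def rule_filter(feats, min_queries=5, miss_ratio_threshold=0.8, distinct_threshold=5):
    """Flag clients whose traffic is mostly misses concentrated in one zone.

    Threshold values are assumptions for this example; a deployment would tune
    them on its own resolver's baseline.
    """
    flagged = {}
    for client, f in feats.items():
        if (f["queries"] >= min_queries
                and f["miss_ratio"] >= miss_ratio_threshold
                and f["distinct_miss_names_in_top_zone"] >= distinct_threshold):
            flagged[client] = f["top_miss_zone"]
    return flagged


def detect(text):
    """Full pipeline: log text -> {client: suspicious zone}."""
    return rule_filter(client_features(parse_log(text)))


if __name__ == "__main__":
    for client, zone in detect(LOG_LINES).items():
        print(f"suspected DNS tunneling from {client} via zone {zone}")
```

The normal client misses once (a name no one had asked for yet) and is ignored; the tunneling client's unique labels make its miss ratio and per-zone distinct-name count stand out, which is the property the abstract argues a tunneling tool cannot hide by imitating ordinary client behaviour. Legitimate services that also generate unique names (CDNs, telemetry beacons) are the main source of false positives for such a rule and would need an allowlist.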
The orchestration of countermeasures in the context of security incidents remains a challenging task for network operators. The main objective of this demonstration is to present how this orchestration is possible in a virtualized NDN network. Based on an adaptation of the TOSCA topology and orchestration model, it is possible to trigger these countermeasures after the detection of NDN-specific attacks. We show how the Montimage Monitoring Tool (MMT) has been adapted to detect typical Content Poisoning Attacks (CPA), and how the orchestrator can trigger reactions to mitigate their impact on the network.