A Detection Method Against DNS Cache Poisoning Attacks Using Machine Learning Techniques: Work in Progress

Jin, Yong; Tomoishi, Masahiko; Matsuura, Shinya

doi:10.1109/nca.2019.8935025

Cited by 12 publications

(7 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, the DNSSEC adds two important features to DNS, which are data origin authentication and data integrity protection. Tese two approaches are used to verify that the requests for a DNS record comes from its authoritative name server and was not spoofed or manipulated in the request process [32,33]. However, as the registry control of DNS is under ICANN [34], which means that no other organization will be able to control them, it is undeniable that the DNS is a highly centralized system, with the risks of server breakdown and man-made damage.…”

Section: Infuencementioning

confidence: 99%

The Review and Comparison between Centralized and Decentralized Digital Identity Systems

Li,

Jing,

Guan

2024

Mobile Information Systems

View full text Add to dashboard Cite

The growing capability of the digital world empowers physical objects to possess much more digital assets than they ever had, and the concepts of the Internet of Things and the Industrial Internet are coming out continually. Digital identity, a unique mark of two-way mapping, dynamic interaction between physical and virtual objects, is one of the fundamental elements among these novel concepts because it is the only way to distinguish each other from hundreds of millions of digital objects. In order to create a world with everything connected on the Internet, plenty of digital identity-orientated systems were raised, and new frameworks are emerging iteratively. To the best of our knowledge, this review lists some of the most applicable digital identity-based solutions by giving mechanism, digital identity solution, feature, and comparison between these models.

show abstract

Section: Infuencementioning

confidence: 99%

The Review and Comparison between Centralized and Decentralized Digital Identity Systems

Li,

Jing,

Guan

2024

Mobile Information Systems

View full text Add to dashboard Cite

show abstract

“…Third, the scheme is applied to a month's worth of DNS data from the two enterprises and compared the outcomes in contrast to blacklists and firewall logs to demonstrate the scheme's capability of spotting distributed attacks that may be missed by legacy techniques while still maintaining decent real-time performance (Lyu et al, 2021). Jin et al (2019) suggested a unique detection technique for defending against DNS cache poisoning threats using ML methods. Jin et al (2019) seeks to add a significant number of additional characteristics to the suggested technique besides the fundamental 5-tuple information of a DNS packet that has been retrieved depending on the ordinary DNS protocol and the heuristic aspects.…”

Section: Related Workmentioning

confidence: 99%

Improved Intrusion Detection System to Alleviate Attacks on DNS Service

Al-Mimi,

Hamad,

Abualhaj

et al. 2023

Journal of Computer Science

View full text Add to dashboard Cite

Cybercriminals continuously devise new and more sophisticated ways to attack their targets' security and cyberattacks are on the rise. One of the earliest and most vulnerable network services is the Domain Name System (DNS), which has had several security issues that have been repeatedly exploited over time. Building a strong Intrusion Detection System (IDS) that guards against unwanted access to network resources is essential to identify DNS attacks in the network and safeguard data. Recently, a number of interesting approaches have been developed as a cure-all for intrusion detection, but constructing a safe DNS system remains difficult because attackers frequently alter their tactics to move around the system's security measures. In this study, we provide a self-learning model that detects the new attacks on DNS using machine learning classifiers. Support Vector Machine (SVM), K-nearest neighbor, Naive Bayes, and Decision Tree are used in the proposed model to classify data as intrusive or normal. The UNSW_NB15 dataset is used to assess the model performance. Data are preprocessed to eliminate irrelevant attributes from the dataset given that the dimensions of the data affect the success of an IDS. Empirical findings show that SVM and Decision Tree have the best performance for all the classifiers, with an accuracy rate of 99.99%. The performance of Naive Bayes is 99.89% for all attack types, which is the lowest of all the classifiers.

show abstract

“…Finally, the role of machine learning in assessing security aspects and detecting various attacks, which has been discussed in the related work, can also be useful for our future work specifically with respect to noncompliant transitions. Jin, Tomoishi, and Matsuura [40], for example, make use of machine learning to detect cache poisoning in DNS, specifically those caused by compromised name servers. In the context of Web PKI, Dong, Kane, and Camp [41] define a set of features to describe X.509 and apply deep neural networks to detect rogue certificates.…”

Section: Related Workmentioning

confidence: 99%

From the Beginning: Key Transitions in the First 15 Years of DNSSEC

Osterweil

Tehrani

Schmidt

et al. 2022

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

When the global rollout of the DNS Security Extensions (DNSSEC) began in 2005, a first-of-its-kind trial started: The complexity of a core Internet protocol was magnified in favor of better security for the overall Internet. Thereby, the scale of the loosely-federated delegation in DNS became an unprecedented cryptographic key management challenge. Though fundamental for current and future operational success, our community lacks a clear notion of how to empirically evaluate the process of securely transitioning keys.In this paper, we propose two building blocks to formally characterize and assess key transitions. First, the anatomy of key transitions, i.e., measurable and well-defined properties of key changes; and second, a novel classification model based on this anatomy for describing key transition practices in abstract terms. This abstraction allows for classifying operational behavior. We apply our proposed transition anatomy and transition classes to describe the global DNSSEC deployment. Specifically, we use measurements from the first 15 years of the DNSSEC rollout to detect and understand which key transitions have been used to what degree and which rates of errors and warnings occurred. In contrast to prior work, we consider all possible transitions and not only 1:1 key rollovers. Our results show measurable gaps between prescribed key management processes and key transitions in the wild. We also find evidence that such noncompliant transitions are needed in operations.

show abstract

A Detection Method Against DNS Cache Poisoning Attacks Using Machine Learning Techniques: Work in Progress

Cited by 12 publications

References 3 publications

The Review and Comparison between Centralized and Decentralized Digital Identity Systems

The Review and Comparison between Centralized and Decentralized Digital Identity Systems

Improved Intrusion Detection System to Alleviate Attacks on DNS Service

From the Beginning: Key Transitions in the First 15 Years of DNSSEC

Contact Info

Product

Resources

About