Title
A Byte-level Autoencoder-based Method to Detect Malicious Open Resolver
Abstract
The open resolver, which provides resolution services for the public without verifying user identities, is a critical component of the Domain Name System (DNS). In reality, users have natural trust in public resolution services, which is unilateral and unreliable due to the existence of open resolvers which tamper with the user's DNS requests, resolving them to the wrong IP addresses on the Internet. This tampering behavior is well concealed and is difficult for users or security researchers to detect. Therefore, it is essential to discover such malicious behavior in time when combating cyber attackers. The traditional solution is to use the IP addresses of malicious open resolvers for blacklist defense, which is simple to implement but has the disadvantages of false positives and false negatives. In this paper, we propose a method based on deep learning, namely Byte-level Autoencoder, to implement the detection of malicious open resolvers without the complex manual feature extraction process. Our work is the first study to detect malicious open resolvers in this field, based on the similarity of normal DNS messages. Experimental results show that our method has a high accuracy of 98.83%, a high precision of 97.84% and a low false positive rate of 0.11%, which verifies the effectiveness of our method.
Year: 2022
DOI: 10.1109/CSCWD54268.2022.9776266
Venue: 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD)
Keywords: Domain Name System, Open Resolver, Autoencoder, Detection
DocType: Conference
ISBN: 978-1-6654-0763-2
Citations: 0
PageRank: 0.34
References: 9
Authors: 5
Name
Order
Citations
PageRank
Chaoqun Li100.34
Liang Dai201.01
Delin Kong300.34
Zhen Xu42117.33
Yanni Han511.03