Classifying DNS Servers based on Response Message Matrix using Machine
Learning
- URL: http://arxiv.org/abs/2111.05034v1
- Date: Tue, 9 Nov 2021 10:20:17 GMT
- Authors: Keiichi Shima, Ryo Nakamura, Kazuya Okada, Tomohiro Ishihara, Daisuke
Miyamoto, Yuji Sekiya
- Abstract summary: We propose a detection mechanism for DNS servers used as reflectors by using a DNS server feature matrix built from a small number of packets and a machine learning algorithm.
The F1 score of bad DNS server detection was more than 0.9 when the test and training data are generated within the same day, and more than 0.7 for the data not used for the training and testing phase of the same day.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Improperly configured domain name system (DNS) servers are sometimes used as
packet reflectors as part of a DoS or DDoS attack. Detecting packets created as
a result of this activity is logically possible by monitoring the DNS request
and response traffic. Any response that does not have a corresponding request
can be considered a reflected message; checking and tracking every DNS packet,
however, is a non-trivial operation. In this paper, we propose a detection
mechanism for DNS servers used as reflectors by using a DNS server feature
matrix built from a small number of packets and a machine learning algorithm.
The F1 score of bad DNS server detection was more than 0.9 when the test and
training data are generated within the same day, and more than 0.7 for the data
not used for the training and testing phase of the same day.
Related papers
- MTDNS: Moving Target Defense for Resilient DNS Infrastructure [2.8721132391618256]
DNS (Domain Name System) is one of the most critical components of the Internet.
Researchers have been constantly developing methods to detect and defend against the attacks against DNS.
Most solutions discard packets for defensive approaches, which can cause legitimate packets to be dropped.
We propose MTDNS, a resilient MTD-based approach that employs Moving Target Defense techniques.
arXiv Detail & Related papers (2024-10-03T06:47:16Z)
- Guardians of DNS Integrity: A Remote Method for Identifying DNSSEC Validators Across the Internet [0.9319432628663636]
We propose a novel technique for identifying DNSSEC-validating resolvers.
We find that while most open resolvers are DNSSEC-enabled, less than 18% in IPv4 (38% in IPv6) validate received responses.
arXiv Detail & Related papers (2024-05-30T08:58:18Z)
- Fact Checking Beyond Training Set [64.88575826304024]
We show that the retriever-reader suffers from performance deterioration when it is trained on labeled data from one domain and used in another domain.
We propose an adversarial algorithm to make the retriever component robust against distribution shift.
We then construct eight fact checking scenarios from these datasets, and compare our model to a set of strong baseline models.
arXiv Detail & Related papers (2024-03-27T15:15:14Z)
- TI-DNS: A Trusted and Incentive DNS Resolution Architecture based on Blockchain [8.38094558878305]
Domain Name System (DNS) is vulnerable to some malicious attacks, including DNS cache poisoning.
This paper presents TI-DNS, a blockchain-based DNS resolution architecture designed to detect and correct the forged DNS records.
TI-DNS is easy to adopt, as it only requires modifications to the resolver side of current DNS infrastructure.
arXiv Detail & Related papers (2023-12-07T08:03:10Z)
- Detection of Malicious DNS-over-HTTPS Traffic: An Anomaly Detection Approach using Autoencoders [0.0]
We design an autoencoder that is capable of detecting malicious DNS traffic by only observing the encrypted DoH traffic.
We find that our proposed autoencoder achieves the highest detection performance, with a median F-1 score of 99% over several types of malicious traffic.
arXiv Detail & Related papers (2023-10-17T15:03:37Z)
- A cross-domain recommender system using deep coupled autoencoders [77.86290991564829]
Two novel coupled autoencoder-based deep learning methods are proposed for cross-domain recommendation.
The first method aims to simultaneously learn a pair of autoencoders in order to reveal the intrinsic representations of the items in the source and target domains.
The second method is derived based on a new joint regularized optimization problem, which employs two autoencoders to generate in a deep and non-linear manner the user and item-latent factors.
arXiv Detail & Related papers (2021-12-08T15:14:26Z)
- Unsupervised Out-of-Domain Detection via Pre-trained Transformers [56.689635664358256]
Out-of-domain inputs can lead to unpredictable outputs and sometimes catastrophic safety issues.
Our work tackles the problem of detecting out-of-domain samples with only unsupervised in-domain data.
Two domain-specific fine-tuning approaches are further proposed to boost detection accuracy.
arXiv Detail & Related papers (2021-06-02T05:21:25Z)
- Robust wav2vec 2.0: Analyzing Domain Shift in Self-Supervised Pre-Training [67.71228426496013]
We show that using target domain data during pre-training leads to large performance improvements across a variety of setups.
We find that pre-training on multiple domains improves performance generalization on domains not seen during training.
arXiv Detail & Related papers (2021-04-02T12:53:15Z)
- DNS Tunneling: A Deep Learning based Lexicographical Detection Approach [1.3701366534590496]
DNS Tunneling is attractive to hackers who exploit it to establish bidirectional communication with machines infected with malware.
The present work proposes a detection approach based on a Convolutional Neural Network (CNN) with a minimal architecture complexity.
Despite its simple architecture, the resulting CNN model correctly detected more than 92% of total Tunneling domains with a false positive rate close to 0.8%.
arXiv Detail & Related papers (2020-06-11T00:10:13Z)
- Automating Botnet Detection with Graph Neural Networks [106.24877728212546]
Botnets are now a major source for many network attacks, such as DDoS attacks and spam.
In this paper, we consider the neural network design challenges of using modern deep learning techniques to learn policies for botnet detection automatically.
arXiv Detail & Related papers (2020-03-13T15:34:33Z)
- PyODDS: An End-to-end Outlier Detection System with Automated Machine Learning [55.32009000204512]
We present PyODDS, an automated end-to-end Python system for Outlier Detection with Database Support.
Specifically, we define the search space in the outlier detection pipeline, and produce a search strategy within the given search space.
It also provides unified interfaces and visualizations for users with or without data science or machine learning background.
arXiv Detail & Related papers (2020-03-12T03:30:30Z)