• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.4
• /
• pp.95-105
• /
• 2010

DNS(Domain Name System) is a huge distributed database that converts host name to IP address. We are expecting the importance of DNS is more increased because many Internet application services appear according to the continuous increase of Internet users and nearly all the Internet application services use DNS. To prevent the interruption of DNS service, DNS server is configured with primary DNS server and a secondary DNS server which takes the place of primary DNS server in case of the service interruption. But this scheme is difficult for providing DNS service constantly in case of DDoS attack, which brings about much network load or network problems in DNS server group. Therefore, This paper proposed the scheme to locally distribute load of DNS server, and the use of address system to group the distributed DNS servers. Also, it proposed the authentication scheme of the correspondent server in case the server is changed in DNS server group having grouping address. In this paper, it is shown that the prosed scheme guarantees the improved service reliability with maintaining the present service performance through the evaluation. Through this, we can expect the high improved DNS service can be provided in the Internet environment in the future.

• The KIPS Transactions:PartC
• /
• v.15C no.4
• /
• pp.227-238
• /
• 2008

As the internet users rise up rapidly, DNS information forgery can cause severe socio-economic damages. However, most studies on DNS information security reached the breaking point in applying to actual circumstances because of the limit of existing DNS system version, the increasement of management burden and etc. The paper proposes the real-time method for detecting cache poisoning of DNS system independent of analysing the DNS forgery types in the current DNS service environment. It also proposes the method of enhancing the reliability for the cache information of Recursive DNS system by post-verifying the cache information of the DNS system.

• Journal of Digital Convergence
• /
• v.13 no.10
• /
• pp.279-285
• /
• 2015

In this paper, we present the design and implementation of a realtime DNS Query Analysis System to detect and to protect from DNS attacks. The proposed system uses mirroring to collect data in DMZ, then analizes the collected data. As a result of the analysis, if the proposed system finds attack information, the information is used as a filtering information of firewall. statistic of the collected data is viewed as a realtime monitoring information on the web. To verify the effictiveness of the proposed system, we have built the proposed system and conducted some experiments. As the result, Our proposed system can be used effectively to defend DNS spoofing, DNS flooding attack, DNS amplification attack, can prevent interior network's attackers from attacking and provides realtime DNS query statistic information and geographic information for monitoring DNS query using GeoIP API and Google API. It can be useful information for ICT convergence and the future work.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.2B
• /
• pp.108-117
• /
• 2007

Recursive DNS is configured as primary or secondary DNS on user PC and performs domain name resolution corresponding user's DNS query. At present, the amount of DNS traffic is occupied high rate in the total internet traffic and the internet traffic would be increased by failure of IPv6 DNS queries and responses as IPv6 transition environment. Also, existing Recursive DNS service mechanisms is unstable on malicious user's attack same as DoS/DDoS Attack and isn't provide to user trust DNS service fail-over. In this paper, we propose IPv6 Recursive DNS service mechanisms for based on anycast for improving stability. It is that fail-over Recursive DNS is configured IPv6 Anycast address for primary Recursive DNS's foil-over. this mechanisms increases reliability and resiliency to DoS/DDoS attacks and reduces query latency and helps minimize DNS traffic as inducing IPv6 address.

• The Journal of the Korea Contents Association
• /
• v.7 no.12
• /
• pp.273-282
• /
• 2007

The Domain Name System (DNS) is the core system for managing Internet address resources, providing the most fundamental naming service. Currently, the DNS is classified into a tree structure. In this structure, it is difficult to normally access to the lower DNS, when there is an error in the upper DNS. Such a risk still remains even when a supplementary DNS is operated. However, due to the merit of the DNS enabling fast searches, it is impracticable to abandon the current tree structure. To efficiently correspond to DNS errors, this study suggests a method where the merit of the current tree structure is kept, while a temporary operation of the local DNS is available when errors occur by adding a horizontal and independent DNS structure.

• Journal of Communications and Networks
• /
• v.11 no.4
• /
• pp.416-427
• /
• 2009

Domain name system (DNS) is a primary identification mechanism for Internet applications. However, DNS resolutions often take an unbearably long time, and this could seriously impair the consistency of the service quality of Internet applications based on DNS such as World Wide Web. Several approaches reduce DNS resolution time by proactively refreshing expired cached records or prefetching available records beforehand, but these approaches have an inherent problem in that they cause additional DNS traffic. In this paper, we propose a DNS resolution time reduction scheme, named renewal using piggyback (RUP), which refreshes expired cached records by piggybacking them onto solicited DNS queries instead of by issuing additional DNS queries. This method decreases both DNS resolution time and DNS traffic since it reduces the number of queries generated to handle a given DNS resolution without generating additional DNS messages. Simulation results based on two large independent DNS traces show that our proposed approach much reduces not only the DNS resolution time but also the DNS traffic.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.303-311
• /
• 2015

DNS amplification is a new type of DDoS Attack and nowadays the attack occurs frequently. The previous studies showed the several detection ways such as the traffic analysis based on DNS queries and packet size. However, those methods have some limitations such as the uncertainty of packet size which depends on IP address type and vulnerabilities against distributed amplification attack. Therefore, we proposed a novel traffic analyzing algorithm using Success Rate and implemented the query analyzing system.

• KIPS Transactions on Computer and Communication Systems
• /
• v.1 no.1
• /
• pp.55-60
• /
• 2012

Recent botnets are widely using the DNS services at the connection of C&C server in order to evade botnet's detection. It is necessary to study on DNS analysis in order to counteract anomaly-based technique using the DNS. This paper studies collection of DNS traffic for experimental data and supervised learning for DNS traffic-based malicious domain classification such as query of domain name corresponding to C&C server from zombies. Especially, this paper would aim to determine significant features of DNS-based classification system for malicious domain extraction by the Principal Component Analysis(PCA).

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.1
• /
• pp.90-100
• /
• 2013

Active-Standby Duplication Techniques are conventionally used for fault-tolerant systems. But in this paper we researched on the Active-Active Duplication Techniques for Fault-tolerant DNS System. Our Active-Active Duplication made the 1st DNS periodically copied to the 2nd DNS and maintained the same status by using Rsync and Crontab. Even though the 1st or the 2nd DNS stops due to some critical errors, the remaining DNS can take over and provide continuous services.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37B no.11
• /
• pp.1082-1089
• /
• 2012

Recent malicious attempts in Cyber space are intended to emerge national threats such as Suxnet as well as to get financial benefits through a large pool of comprised botnets. The evolved botnets use the Domain Name System(DNS) to communicate with the C&C server and zombies. DNS is one of the core and most important components of the Internet and DNS traffic are continually increased by the popular wireless Internet service. On the other hand, domain names are popular for malicious use. This paper studies on DNS-based cyber threats domain detection by data classification based on supervised learning. Furthermore, the developed cyber threats domain detection system using DNS traffic analysis provides collection, analysis, and normal/abnormal domain classification of huge amounts of DNS data.