• Journal of Convergence for Information Technology
• /
• v.9 no.9
• /
• pp.52-57
• /
• 2019

DNS stands for 'Domain Name System' and uses IP addresses to identify devices connected to the network on the network. IP is a protocol that registers and manages aliases such as IPs because it is difficult for general users to remember. In recent years, the abuse of such DNS is increasing abroad, and behind the scenes, called 'DNS pionage,' are developing and evolving new rules and malware. DNSpionage attack is abusing DNS system such as Increasing hacking success rate, leading to fake sites, changing or forged data. As a result it is increasing the damage cases. As the global DNS system is expanding to the extent that it is out of control. Therefore, in this research, the countermeasures of DNSpionage attack is proposed to contribute to build a secure and efficient DNS system.

• Journal of Digital Convergence
• /
• v.13 no.10
• /
• pp.279-285
• /
• 2015

In this paper, we present the design and implementation of a realtime DNS Query Analysis System to detect and to protect from DNS attacks. The proposed system uses mirroring to collect data in DMZ, then analizes the collected data. As a result of the analysis, if the proposed system finds attack information, the information is used as a filtering information of firewall. statistic of the collected data is viewed as a realtime monitoring information on the web. To verify the effictiveness of the proposed system, we have built the proposed system and conducted some experiments. As the result, Our proposed system can be used effectively to defend DNS spoofing, DNS flooding attack, DNS amplification attack, can prevent interior network's attackers from attacking and provides realtime DNS query statistic information and geographic information for monitoring DNS query using GeoIP API and Google API. It can be useful information for ICT convergence and the future work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.303-311
• /
• 2015

DNS amplification is a new type of DDoS Attack and nowadays the attack occurs frequently. The previous studies showed the several detection ways such as the traffic analysis based on DNS queries and packet size. However, those methods have some limitations such as the uncertainty of packet size which depends on IP address type and vulnerabilities against distributed amplification attack. Therefore, we proposed a novel traffic analyzing algorithm using Success Rate and implemented the query analyzing system.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.3
• /
• pp.135-142
• /
• 2017

DDoS (Distributed Denial of Service) exhausts the target server's resources using the large number of zombie pc, As a result normal users don't access to server. DDoS Attacks steadly increase by many attacker, and almost target of the attack is critical system such as IT Service Provider, Government Agency, Financial Institution. In this paper, We will introduce the CNN (Convolutional Neural Network) of deep learning based real-time detection system for DNS amplification Attack (DNS DDoS Attack). We use the dataset which is mixed with collected data in the real environment in order to overcome existing research limits that use only the data collected in the experiment environment. Also, we build a deep learning model based on Convolutional Neural Network (CNN) that is used in pattern recognition.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.11
• /
• pp.1451-1461
• /
• 2019

DNS spoofing is an attack in which an attacker intervenes in the communication between client and DNS server to deceive DNS server by responding to a fake IP address rather than actual IP address. It is possible to implement a pharming site that hacks user ID and password by duplicating web server's index page and simple web programming. In this paper we have studied web spoofing attack that combines DNS spoofing and pharming site implementation which leads to farming site. We have studied DNS spoofing attack method, procedure and farming site implementation method for portal server of this university. In the case of Kyungsung Portal, bypassing attack and hacking were possible even though the web server was SSL encrypted and secure authentication. Many web servers do not have security measures, and even web servers secured by SSL can be disabled. So it is necessary that these serious risks are to be informed and countermeasures are to be researched.

• Journal of Convergence Society for SMB
• /
• v.4 no.1
• /
• pp.47-53
• /
• 2014

DNS spoofing, the DNS server with the address of a specific web server intercepts them in the process of translating the attacker wants to forge a Web server that is a way to access. ARP spoofing ARP request and response messages for the protocol without authentication vorticity incorrect information as to the ARP Cache Table to store the MAC addresses of their vulnerability using the MAC address of the other computer as if it were a lie technique. These DNS / ARP spoofing attacks in detail to find out about how it looks at ways to prevent. Think about the future research directions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.729-735
• /
• 2013

The recent issue of distributed denial of service attack paralyze major government and financial institution in internet sites. They threatened to the cyber security. There hasn't been easy defense of now using attack. There seems to be increases in damage. In this paper, The recent continue to evolve of distributed denial of service attack. DNS target of distributed denial of service attack give specific examples. but, DNS target of DDoS attacks about defense is insufficient. The DNS Cyber-shelter system was created based on the Cyber-shelter system for DDoS attack in Kisa.. We proposal DNS Cyber-shelter system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1141-1151
• /
• 2018

In an APT attack, the communication stage between infected hosts and C&C(Command and Control) server is the key stage for intrusion into the attack target. Attackers can control multiple infected hosts by the C&C Server and direct intrusion and exploitation. If the C&C Server is exposed at this stage, the attack will fail. Therefore, in recent years, the Domain Generation Algorithm (DGA) has replaced DNS in C&C Server with a short time interval for making detection difficult. In particular, it is very difficult to verify and detect all the newly registered DNS more than 5 million times a day. To solve these problems, this paper proposes a model to judge DGA-DNS detection by the morphological similarity analysis of normal DNS and DGA-DNS, and to determine the sign of APT attack through it, then we verify its validity.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.5
• /
• pp.36-46
• /
• 2019

The number of hosts connected to the Internet has increased dramatically, introducing the Domain Name System(DNS) in 1984. DNS is now an important key point for all users of the Internet by allowing them to use a convenient character address without memorizing a series of numbers of complex IP address. However, relative to the importance of DNS, there still exist many problems such as the authorization allocation issue, the disputes over public registration, security vulnerability such as DNS cache poisoning, DNS spoofing, man-in-the-middle attack, DNS amplification attack, and the need for many domain names in the age of hyper-connected networks. In this paper, to effectively improve these problems of existing DNS, we proposed a method of implementing DNS using distributed ledger technology, blockchain, and implemented using a Ethereum-based platform. In addition, the qualitative analysis performance comparative evaluation of the existing domain name registration and domain name server was conducted, and conducted security assessments on the proposed system to improve security problem of existing DNS. In conclusion, it was shown that DNS services could be provided high security and high efficiently using blockchain.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.2B
• /
• pp.108-117
• /
• 2007

Recursive DNS is configured as primary or secondary DNS on user PC and performs domain name resolution corresponding user's DNS query. At present, the amount of DNS traffic is occupied high rate in the total internet traffic and the internet traffic would be increased by failure of IPv6 DNS queries and responses as IPv6 transition environment. Also, existing Recursive DNS service mechanisms is unstable on malicious user's attack same as DoS/DDoS Attack and isn't provide to user trust DNS service fail-over. In this paper, we propose IPv6 Recursive DNS service mechanisms for based on anycast for improving stability. It is that fail-over Recursive DNS is configured IPv6 Anycast address for primary Recursive DNS's foil-over. this mechanisms increases reliability and resiliency to DoS/DDoS attacks and reduces query latency and helps minimize DNS traffic as inducing IPv6 address.