Title :
Detection of Kaminsky DNS Cache Poisoning Attack
Author :
Musashi, Yasuo ; Kumagai, Masaya ; Kubota, Shinichiro ; Sugitani, Kenichi
Author_Institution :
Center for Multimedia & Inf. Technol., Kumamoto Univ., Kumamoto, Japan
Abstract :
We statistically investigated the total inbound standard DNS resolution traffic from the Internet to the top domain DNS server in a university campus network from January 1st to December 31st, 2010. The following results were obtained: (1) We found five Kaminsky DNS Cache Poisoning (Kaminsky) attacks by observing a rapid decrease in the unique source IP address based entropy of the DNS query request packet traffic and a significant increase in the unique DNS query keyword based one. (2) Also, we found nine Kaminsky attacks in the score changes for a detection method using the calculated restricted Damerau-Levenshtein distance (restricted edit distance) between the observed current query keyword and the last one, by employing both threshold ranges from 1 to 40. Therefore, it is possible that the restricted Damerau-Levenshtein distance based detection technology can detect Kaminsky attacks.
Keywords :
Internet; computer network security; DNS query keyword; DNS query request packet traffic; DNS resolution traffic; DNS server; Damerau-Levenshtein distance; IP address based entropy; Internet; Kaminsky DNS cache poisoning attack; domain name service; university campus network; Computer crime; Educational institutions; Entropy; Estimation; IP networks; Internet; Servers; DNS cache poisoning attack; Kaminsky attack detection; Phishing;
Conference_Title :
Intelligent Networks and Intelligent Systems (ICINIS), 2011 4th International Conference on
Conference_Location :
Kunming
Print_ISBN :
978-1-4577-1626-3
DOI :
10.1109/ICINIS.2011.18