Browsed by
Tag: proactive detection

Threat Identification Using Active DNS Measurements


The DNS is a core service for the Internet. Most uses of the DNS are benign, but some are malicious. Attackers often use a DNS domain to enable an attack (e.g. DDoS attacks). Detection of these attacks often happens passively, but this leads to a reactive detection of attacks. However, registering and configuring a domain takes time. We want to pro-actively identify malicious domains during this time. Identifying malicious domains before they are used allows to pre-emptively stop…


TIDE: Threat Identification Using Active DNS Measurements, poster submission to SIGCOMM 2017


The Domain Name System contains a wealth of information about the security, stability and health of the Internet. Most research that leverages the DNS for detection of malicious activities does so by using passive measurements. The limitation of this approach, however, is that it is effective only once an attack is ongoing. In this paper, we explore a different approach. We advocate the use of active DNS measurements for pro-active (i.e., before the actual attack) identification of domains set up…
