An Experimental Study on Name Resolution History Basis Abnormal Detection and Blocking Using SDN and DNS RPZ

IR (HANDLE) Open Access

Bibliographic Information

Other Title
  • SDNとDNS RPZを用いた名前解決記録に基づく異常通信の検知・遮断方法の一検討

Description

Most network applications communicate with servers using destination IP addresses obtained through a prior name resolution process using the Domain Name System (DNS). However, some malware communicates directly with C&C servers using hard-coded destination IP addresses, without performing prior name resolution via DNS. In this paper, we propose a detection and blocking system for such communication. The proposed system uses the DNS Response Policy Zone (RPZ) feature and Software Defined Network (SDN) technology, and we implement a prototype system. Based on evaluation results for some communication protocols, we confirm that the proposed system can detect and block traffic that is not preceded by DNS name resolution, as we expected.

Journal

Details

  • CRID
    1050856738261919232
  • ISSN
    24326380
    09135685
  • HANDLE
    2115/86960
  • Text Lang
    ja
  • Article Type
    journal article
  • Data Source
    • IRDB
