Title :
IP Traceback Using DNS Logs against Bots
Author :
Takemori, Keisuke ; Fujinaga, Masahiko ; Sayama, Toshiya ; Nishigaki, Masakatsu
Author_Institution :
KDDI R&D Labs. Inc., Fujimino
Abstract :
Source IP spoofing attacks are critical issues to the Internet. These attacks are considered to be sent from bot infected hosts. There has been active research on IP traceback technologies. However, the traceback from an end victim host to an end spoofing host has not yet been achieved, due to the lack of traceback probes installed on each routing path. There is a need to replace alternative probes in order to reduce the installation cost. In this research, we propose an IP tracking scheme against bots using the DNS logs. Many types of bots retrieve IP addresses from fully qualified domain names (FQDNs) at the beginning of communication. The proposed scheme checks from the destination to the source DNS logs, in order to extract the bots. Also, we propose means to distinguish spoofing from non-spoofing attacks, and how to obtain reliable of tracking results. We collect bot communication patterns to confirm that the DNS log can be used for reasonable probes and for achieving a high tracking success rate.
Keywords :
IP networks; Internet; invasive software; telecommunication network routing; telecommunication security; DNS log; IP traceback technology; Internet; bot communication pattern; bot infected host; fully qualified domain name; routing path; source IP spoofing attack; Application software; Cities and towns; Computer science; Costs; Internet; Laboratories; Privacy; Probes; Research and development; Routing; Bot; DNS log; IP spoofing attack; IP traceback;
Conference_Titel :
Computer Science and its Applications, 2008. CSA '08. International Symposium on
Conference_Location :
Hobart, ACT
Print_ISBN :
978-0-7695-3428-2
DOI :
10.1109/CSA.2008.43
