University of Twente Student Theses


Proactively detecting crafted domains using active DNS measurements

Hendriks, C. (2020) Proactively detecting crafted domains using active DNS measurements.

[img] PDF
Abstract:Distributed Denial-of-Service (DDoS) attacks are a major threat in today’s Internetlandscape, affecting all kinds of services, from banks and telecommunication providers tosocial media platforms and gaming servers. In a Domain Name System (DNS) amplifica-tion attack, a popular type of DDoS attack, adversaries exploit the DNS infrastructure inorder to amplify minor queries into becoming large responses towards their victim. In aprocess called crafting, attackers register domains and inflate them with different kinds ofResource Records (RRs) in order to guarantee a large response. Existing mitigation meth-ods and previous studies often rely on passive DNS data or network packets from historicattacks in order to mitigate the effects of DNS amplification attacks. This prevents thosemethods from detecting newly crafted domains at an early stage. By combiningactiveDNS measurements that cover over 60% of the DNS namespace with machine learning, weare able to detect crafted domains proactively. Our results show that the proposed methodcan detect over 92% of the crafted domains without miss-classifying any benign domain.Furthermore, this approach allows for a detection of crafted domains up to 540 days beforethey are misused in an attack.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page