Fully Qualified Domain


The Experts below are selected from a list of 288 Experts worldwide ranked by ideXlab platform

Maryline Laurent - One of the best experts on this subject based on the ideXlab platform.

  • Analyzing Internet DNS(SEC) traffic with R for resolving platform optimization
    2014
    Co-Authors: Emmanuel Herbert, Stanislas Francfort, Daniel Migault, Stéphane Sénécal, Maryline Laurent
    Abstract:

    This chapter proposes to use data mining methods implemented via R in order to analyze the Domain Name System (DNS) traffic and to develop innovative techniques for balancing the DNS traffic according to Fully Qualified Domain Names (FQDN) rather than according to the Internet Protocol (IP) addresses. With DNS traffic doubling every year and the deployment of its secure extension DNSSEC, DNS resolving platforms require more and more CPU and memory resources. After characterizing the DNS(SEC) traffic thanks to reduction in dimension and clustering methods implemented with R functions and packages, we propose techniques to balance the DNS traffic among the DNS platform servers based on the FQDN. Several methods are considered to build the FQDN-based routing table: K-means clustering algorithm, mixed integer linear programming, and a heuristic scheme. These load balancing approaches are run, and evaluated with R on real DNS traffic data extracted from an operational network of an Internet Service Provider. They result in reducing the platform CPU resources by 30% with a difference of less than 2% CPU between the servers of a platform

  • Overcoming DNSSEC performance issues with DHT-based architectures
    IM '13 : IFIP IEEE International Symposium on Integrated Network Management, 2013
    Co-Authors: Daniel Migault, Stanislas Francfort, Stéphane Sénécal, Emmanuel Herbert, Maryline Laurent
    Abstract:

    DNSSEC deployment for large Internet Service Provider (ISP) is an important issue. With the current architecture, migration of current DNS resolving platform requires 5 times more nodes. This paper introduces alternative architectures where the DNS traffic is split between the nodes of the platform according to the queried Fully Qualified Domain Names (FQDNs), rather than the IP addresses of the queries. We show that such type of architecture requires up to 30% less nodes. However, this load balancing technique results in a non-uniform distribution of the resources among the nodes of the platform. Furthermore, operational teams are reluctant to modify the existing load balancing infrastructure. Thus, we investigate how pro-active caching over a Distributed Hash Table (DHT) protocol, can optimize the resources of an ISP operational DNSSEC resolving platform. We find out that it can reduce the number of nodes by 3:5.

  • Routing tables building methods for increasing DNS(SEC) resolving platforms efficiency
    IM '13 : IFIP IEEE International Symposium on Integrated Network Management, 2013
    Co-Authors: Emmanuel Herbert, Stanislas Francfort, Daniel Migault, Stéphane Sénécal, Maryline Laurent
    Abstract:

    This paper proposes to use optimization and machine learning methods in order to develop innovative techniques for balancing the DNS(SEC) traffic according to Fully Qualified Domain Names (FQDN), rather than according to the IP addresses. With DNS traffic doubling every year and the deployment of its secure extension DNSSEC, DNS resolving platforms require more and more resources. A way to cope with these increasing resources demands is to balance the DNS traffic among the DNS platform servers based on the queried FQDNs. Several methods are considered to build a FQDN based routing table: mixed integer linear programming (MILP), a K-means clustering algorithm and a heuristic scheme. These load balancing approaches are run and evaluated on real DNS traffic data extracted from the operational IP network of an Internet Service Provider (ISP) and they result in a difference of less than 2% CPU between the servers of a platform.

  • IM - Overcoming DNSSEC performance issues with DHT-based architectures
    2013
    Co-Authors: Daniel Migault, Stanislas Francfort, Stéphane Sénécal, Emmanuel Herbert, Maryline Laurent
    Abstract:

    DNSSEC deployment for large Internet Service Provider (ISP) is an important issue. With the current architecture, the migration of current DNS resolving platforms requires 5 times more nodes. This paper introduces alternative architectures where the DNS traffic is split between the nodes of the platform according to the queried Fully Qualified Domain Names (FQDN), rather than the IP addresses of the queries. We show that such type of architecture requires up to 30% less nodes. However, this load balancing technique results in a non-uniform distribution of the resources among the nodes of the platform. Furthermore, operational teams are reluctant to modify the existing load balancing infrastructure. Thus, we investigate how pro-active caching over a Distributed Hash Table (DHT) protocol, can optimize the resources of an ISP operational DNSSEC resolving platform. We find out that it can reduce the number of nodes by 3.5.

  • Routing Tables Building Methods for Increasing DNS(SEC) Resolving Platforms Efficiency
    2013
    Co-Authors: Emmanuel Herbert, Stanislas Francfort, Daniel Migault, Stéphane Sénécal, Maryline Laurent
    Abstract:

    This paper proposes to use optimization and machine learning methods in order to develop innovative techniques for balancing the DNS(SEC) traffic according to Fully Qualified Domain Names (FQDN), rather than according to the IP addresses. With DNS traffic doubling every year and the deployment of its secure extension DNSSEC, DNS resolving platforms require more and more resources. A way to cope with these increasing resources demands is to balance the DNS traffic among the DNS platform servers based on the queried FQDNs. Several methods are considered to build a FQDN based routing table: mixed integer linear programming (MILP), a K-means clustering algorithm and a heuristic scheme. These load balancing approaches are run and evaluated on real DNS traffic data extracted from the operational IP network of an Internet Service Provider (ISP) and they result in a difference of less than 2% CPU between the servers of a platform

Masataka Ohta - One of the best experts on this subject based on the ideXlab platform.

  • secure glue a cache and zone transfer considering automatic renumbering
    Computer Software and Applications Conference, 2015
    Co-Authors: Kenji Fujikawa, Hiroaki Harai, Masataka Ohta
    Abstract:

    Domain Name System (DNS) is the most widely used name resolution system for computers and services in the Internet. The number of domain name registrations is reaching 276 million across all top level domains (TLDs) today and the DNS query count is increasing year over year. The main reason of the high DNS query count is the increase of out-of-bailiwick domain name delegation since it (NS without glue A record) makes the client send extra DNS queries for the glue A record. On the other hand, the master/slave model is not compatible with address renumbering in DNS since the master is indicated by its IP address in the slave. Thus it is necessary to redesign the current DNS protocol considering lower name resolution latency as well as the enhancement of automatic convergence after the address renumbering for the effective and sustained name resolution service. In this paper, we propose two mechanisms: one is the secure glue A cache and update to reduce the name resolution latency by cutting the DNS query count with low security risk, the other is the automatic zone transfer which automatically recovers the DNS based on FQDN (Fully Qualified Domain Name) after address renumbering. We successfully implemented the prototype in Linux as an extended form of BIND (Berkeley Internet Name Domain). The evaluation results confirmed approximately 25% down of the DNS query count and the successful automatic DNS recovery after address renumbering.

  • COMPSAC - Secure Glue: A Cache and Zone Transfer Considering Automatic Renumbering
    2015 IEEE 39th Annual Computer Software and Applications Conference, 2015
    Co-Authors: Kenji Fujikawa, Hiroaki Harai, Masataka Ohta
    Abstract:

    Domain Name System (DNS) is the most widely used name resolution system for computers and services in the Internet. The number of domain name registrations is reaching 276 million across all top level domains (TLDs) today and the DNS query count is increasing year over year. The main reason of the high DNS query count is the increase of out-of-bailiwick domain name delegation since it (NS without glue A record) makes the client send extra DNS queries for the glue A record. On the other hand, the master/slave model is not compatible with address renumbering in DNS since the master is indicated by its IP address in the slave. Thus it is necessary to redesign the current DNS protocol considering lower name resolution latency as well as the enhancement of automatic convergence after the address renumbering for the effective and sustained name resolution service. In this paper, we propose two mechanisms: one is the secure glue A cache and update to reduce the name resolution latency by cutting the DNS query count with low security risk, the other is the automatic zone transfer which automatically recovers the DNS based on FQDN (Fully Qualified Domain Name) after address renumbering. We successfully implemented the prototype in Linux as an extended form of BIND (Berkeley Internet Name Domain). The evaluation results confirmed approximately 25% down of the DNS query count and the successful automatic DNS recovery after address renumbering.

Kenji Fujikawa - One of the best experts on this subject based on the ideXlab platform.

  • secure glue a cache and zone transfer considering automatic renumbering
    Computer Software and Applications Conference, 2015
    Co-Authors: Kenji Fujikawa, Hiroaki Harai, Masataka Ohta
    Abstract:

    Domain Name System (DNS) is the most widely used name resolution system for computers and services in the Internet. The number of domain name registrations is reaching 276 million across all top level domains (TLDs) today and the DNS query count is increasing year over year. The main reason of the high DNS query count is the increase of out-of-bailiwick domain name delegation since it (NS without glue A record) makes the client send extra DNS queries for the glue A record. On the other hand, the master/slave model is not compatible with address renumbering in DNS since the master is indicated by its IP address in the slave. Thus it is necessary to redesign the current DNS protocol considering lower name resolution latency as well as the enhancement of automatic convergence after the address renumbering for the effective and sustained name resolution service. In this paper, we propose two mechanisms: one is the secure glue A cache and update to reduce the name resolution latency by cutting the DNS query count with low security risk, the other is the automatic zone transfer which automatically recovers the DNS based on FQDN (Fully Qualified Domain Name) after address renumbering. We successfully implemented the prototype in Linux as an extended form of BIND (Berkeley Internet Name Domain). The evaluation results confirmed approximately 25% down of the DNS query count and the successful automatic DNS recovery after address renumbering.

  • COMPSAC - Secure Glue: A Cache and Zone Transfer Considering Automatic Renumbering
    2015 IEEE 39th Annual Computer Software and Applications Conference, 2015
    Co-Authors: Kenji Fujikawa, Hiroaki Harai, Masataka Ohta
    Abstract:

    Domain Name System (DNS) is the most widely used name resolution system for computers and services in the Internet. The number of domain name registrations is reaching 276 million across all top level domains (TLDs) today and the DNS query count is increasing year over year. The main reason of the high DNS query count is the increase of out-of-bailiwick domain name delegation since it (NS without glue A record) makes the client send extra DNS queries for the glue A record. On the other hand, the master/slave model is not compatible with address renumbering in DNS since the master is indicated by its IP address in the slave. Thus it is necessary to redesign the current DNS protocol considering lower name resolution latency as well as the enhancement of automatic convergence after the address renumbering for the effective and sustained name resolution service. In this paper, we propose two mechanisms: one is the secure glue A cache and update to reduce the name resolution latency by cutting the DNS query count with low security risk, the other is the automatic zone transfer which automatically recovers the DNS based on FQDN (Fully Qualified Domain Name) after address renumbering. We successfully implemented the prototype in Linux as an extended form of BIND (Berkeley Internet Name Domain). The evaluation results confirmed approximately 25% down of the DNS query count and the successful automatic DNS recovery after address renumbering.

Kenichi Sugitani - One of the best experts on this subject based on the ideXlab platform.

  • Statistical Study of Unusual DNS Query Traffic
    2014
    Co-Authors: Dennis Arturo, Yasuo Musashi, Hirofumi Nagatomi, Kenichi Sugitani
    Abstract:

    We statistically investigated on the unusual big DNS resolution traffic toward the top domain DNS server from a university local campus network in April 11th, 2006. The following results are obtained: (1) In April 11th, the DNS query traffic includes a lot of Fully Qualified Domain names (FQDNs) of several specific web sites as name resolution keywords. (2) Also, the DNS query traffic includes a plenty of source IP addresses of PC clients. Also (3), the several DNS query keywords including specific well-known web sites can be found in the DNS traffic. Therefore, it can be concluded that we can detect the unusual traffic and bots worm activity (DDoS attacks and/or prescannings) by assuming a threshold based statistical detection model and checking the several specifi

  • DNS Based Detection of SSH Dictionary Attack in Campus Network
    2009
    Co-Authors: Dennis Arturo Ludena Romana, Yasuo Musashi, Kenichi Sugitani, Kazuya Takemori, Masaya Kumagai, Shinichiro Kubota, Tsuyoshi Usagawa, Toshinori Sueyoshi
    Abstract:

    We statistically investigated the DNS query access traffic from a university campus network toward the top domain DNS through March 14th, 2009, when the hosts in the campus network were under inbound SSH dictionary brute force attack. The interesting results are obtained, as follows: (1) the several hosts generated the DNS query packet traffic, taking a rate of more than 1,000 hour⁻¹, through 07:30-08:30 in March 14th, 2009, (2) the DNS query packet traffic correlates with the DNS query packet one including more than two specific query keywords (payloads of the packets), and (3) the former keyword is a Fully Qualified Domain name (FQDN) and the latter one is an IP address. Therefore, we can detect inbound SSH dictionary attack by watching frequencies of the FQDNs and the IP addresses as query keywords in the DNS query packets from the hosts in the campus network.

  • Johann Wolfgang Goethe Universität Frankfurt am Main
    2008
    Co-Authors: Seiji Hayashida, Kenichi Sugitani, Ryuichi Matsuba, Kai Rannenberg
    Abstract:

    The syslog messages of the top domain DNS (tDNS) servers in a university were statistically investigated when receiving a large amount of DNS query packets like a distributed denial-of-service (DDoS) attack. Three types of DNS query-based DDoS attacks are found and summarized as follows: (1) In the term of February to April, 2004, the DNS-DDoS attack is mainly dominated by the PTR record-based DNS query packets from the outside of the university in which the content of the packet include an unused IP address (a dark address) in the university. (2) In the term of April of 2005, it is significantly driven by the A record based DNS query packets from the inside of the university and the contents of the packets have IP addresses directly. And (3) in the April 20th, 2005, it is surely contributed by the DNS query packets that include a Fully Qualified Domain name (FQDN) of a subdomain E-mail server, an FQDN of the tDNS, and two kinds of IP addresses that are related with the PC clients in th

  • Statistical study of unusual DNS query traffic
    2007 International Symposium on Communications and Information Technologies, 2007
    Co-Authors: Dennis Arturo Ludena Romana, Yasuo Musashi, Hirofumi Nagatomi, Kenichi Sugitani
    Abstract:

    We statistically investigated on the unusual big DNS resolution traffic toward the top domain DNS server from a university local campus network in April 11th, 2006. The following results are obtained: (1) In April 11th, the DNS query traffic includes a lot of Fully Qualified Domain names (FQDNs) of several specific Web sites as name resolution keywords. (2) Also, the DNS query traffic includes a plenty of source IP addresses of PC clients. Usually, we can observe the source IP addresses of E-mail and/or Web servers in the usual DNS query traffic, mainly. From this point, it can be concluded that the PC clients are probably infected with bot worms (BWs) and they have tried to crash the top domain DNS server.

  • Detection- and prevention-system of DNS query-based distributed denial-of-service attack
    2005
    Co-Authors: Yasuo Musashi, Kenichi Sugitani, Seiji Hayashida, Ryuichi Matsuba, Kai Rannenberg
    Abstract:

    The syslog messages of the top domain DNS (tDNS) servers in a university were statistically investigated when receiving a large amount of DNS query packets like a distributed denial-of-service (DDoS) attack. Three types of DNS query-based DDoS attacks are found and summarized as follows: (1) In the term of February to April, 2004, the DNS-DDoS attack is mainly dominated by the PTR record-based DNS query packets from the outside of the university in which the content of the packet include an unused IP address (a dark address) in the university. (2) In the term of April of 2005, it is significantly driven by the A record based DNS query packets from the inside of the university and the contents of the packets have IP addresses directly. And (3) in the April 20th, 2005, it is surely contributed by the DNS query packets that include a Fully Qualified Domain name (FQDN) of a subdomain E-mail server, an FQDN of the tDNS, and two kinds of IP addresses that are related with the PC clients in the subdomain, respectively. These results are useful information for us to develop the detection and prevention systems against the DDoS attack to the DNS server and to understand what kinds of security incidents take place. Also, we have partially developed and implemented detection- and prevention-system and evaluated how it works.

Hiroaki Harai - One of the best experts on this subject based on the ideXlab platform.

  • secure glue a cache and zone transfer considering automatic renumbering
    Computer Software and Applications Conference, 2015
    Co-Authors: Kenji Fujikawa, Hiroaki Harai, Masataka Ohta
    Abstract:

    Domain Name System (DNS) is the most widely used name resolution system for computers and services in the Internet. The number of domain name registrations is reaching 276 million across all top level domains (TLDs) today and the DNS query count is increasing year over year. The main reason of the high DNS query count is the increase of out-of-bailiwick domain name delegation since it (NS without glue A record) makes the client send extra DNS queries for the glue A record. On the other hand, the master/slave model is not compatible with address renumbering in DNS since the master is indicated by its IP address in the slave. Thus it is necessary to redesign the current DNS protocol considering lower name resolution latency as well as the enhancement of automatic convergence after the address renumbering for the effective and sustained name resolution service. In this paper, we propose two mechanisms: one is the secure glue A cache and update to reduce the name resolution latency by cutting the DNS query count with low security risk, the other is the automatic zone transfer which automatically recovers the DNS based on FQDN (Fully Qualified Domain Name) after address renumbering. We successfully implemented the prototype in Linux as an extended form of BIND (Berkeley Internet Name Domain). The evaluation results confirmed approximately 25% down of the DNS query count and the successful automatic DNS recovery after address renumbering.

  • COMPSAC - Secure Glue: A Cache and Zone Transfer Considering Automatic Renumbering
    2015 IEEE 39th Annual Computer Software and Applications Conference, 2015
    Co-Authors: Kenji Fujikawa, Hiroaki Harai, Masataka Ohta
    Abstract:

    Domain Name System (DNS) is the most widely used name resolution system for computers and services in the Internet. The number of domain name registrations is reaching 276 million across all top level domains (TLDs) today and the DNS query count is increasing year over year. The main reason of the high DNS query count is the increase of out-of-bailiwick domain name delegation since it (NS without glue A record) makes the client send extra DNS queries for the glue A record. On the other hand, the master/slave model is not compatible with address renumbering in DNS since the master is indicated by its IP address in the slave. Thus it is necessary to redesign the current DNS protocol considering lower name resolution latency as well as the enhancement of automatic convergence after the address renumbering for the effective and sustained name resolution service. In this paper, we propose two mechanisms: one is the secure glue A cache and update to reduce the name resolution latency by cutting the DNS query count with low security risk, the other is the automatic zone transfer which automatically recovers the DNS based on FQDN (Fully Qualified Domain Name) after address renumbering. We successfully implemented the prototype in Linux as an extended form of BIND (Berkeley Internet Name Domain). The evaluation results confirmed approximately 25% down of the DNS query count and the successful automatic DNS recovery after address renumbering.