The Experts below are selected from a list of 15198 Experts worldwide ranked by ideXlab platform
Katsuyoshi Iida - One of the best experts on this subject based on the ideXlab platform.
-
detection method of dns based botnet communication using obtained ns record history
Computer Software and Applications Conference, 2015Co-Authors: Hikaru Ichise, Yong Jin, Katsuyoshi IidaAbstract:To combat with botnet, early detection of the botnet communication and fast identification of the bot-infected PCs is very important for network administrators. However, in DNS protocol, which appears to have been used for botnet communication recently, it is difficult to differentiate the ordinary domain Name Resolution and suspicious communication. Our key idea is that the most of domain Name Resolutions first obtain the corresponding NS (Name Server) record from authoritative Name servers in the Internet, whereas suspicious communication may omit the procedures to hide their malicious activities. Based on this observation, we propose a detection method of DNS basis botnet communication using obtained NS record history. Our proposed method checks whether the destined Name server (IP address) of a DNS query is included in the obtained NS record history to detect the botnet communications.
-
Analysis of via-resolver DNS TXT queries and detection possibility of botnet communications
Communications, Computers and Signal Processing (PACRIM), 2015 IEEE Pacific Rim Conference on, 2015Co-Authors: Hikaru Ichise, Yong Jin, Katsuyoshi IidaAbstract:Recent reports on Internet security have indicated that the DNS (Domain Name System) protocol is being used for botnet communication in various botnets; in particular, botnet communication based on DNS TXT record type has been observed as a new technique in some botnet-based cyber attacks. One of the most fundamental Internet protocols, the DNS protocol is used for basic Name Resolution as well as many Internet services, so it is not possible to simply block out all DNS traffic. To block out only malicious DNS TXT record based botnet communications, it would be necessary to distinguish them from legitimate DNS traffic involving DNS TXT records. However, the DNS TXT record is also used in many legitimate ways since this type is allowed to include any plain text up to a fairly long length. In this paper, we mainly focus on the usage of the DNS TXT record and explain our analysis using about 5.5 million real DNS TXT record queries obtained for over 3 months in our campus network. Based on the analysis findings, we discuss a new method to detect botnet communication. Our analysis results show that 330 unique destination IP addresses (cover approximately 22.1% of unknown usages of DNS TXT record queries) may have been involved in malicious communications and this proportion is a reasonable basis for network administrators to perform detailed manual checking in many organizations.
Klaus Wehrle - One of the best experts on this subject based on the ideXlab platform.
-
establishing mobile ad hoc networks in 802 11 infrastructure mode
Workshop Challenged Networks, 2011Co-Authors: Hanno Wirtz, Tobias Heer, Robert Backhaus, Klaus WehrleAbstract:Due to the widespread availability of 802.11-compliant devices, the 802.11 ad-hoc mode appears especially suited to set up mobile ad-hoc networks (MANETs). In practice, creating a MANET is challenging because typical mobile devices do not implement the configuration, routing, and Name Resolution functions required to operate in an ad-hoc scenario. Software restrictions on modern mobile operating systems, such as Android and iOS, even prevent mobile devices from actively participating in ad-hoc networks without circumventing vendor barriers (e.g., acquiring root access). While 802.11 infrastructure mode is not originally meant for ad-hoc establishment of multi-hop networks, it is a commodity in all 802.11-compliant devices. This availability prompts the question whether efficient ad-hoc networks can be formed by solely using 802.11 infrastructure mode. In this paper, we present an approach for 802.11 infrastructure mode ad-hoc networks in which mobile devices simultaneously function as an access point and as a station. To establish multi-hop communication across multiple infrastructure mode networks, they mesh with other access point devices. Our evaluation shows that 802.11 infrastructure ad- hoc networks even outperform 802.11 ad-hoc mode networks in terms of multi-hop throughput.
-
establishing mobile ad hoc networks in 802 11 infrastructure mode
Workshop on Wireless Network Testbeds Experimental evaluation & CHaracterization, 2011Co-Authors: Hanno Wirtz, Robert Backhaus, Rene Hummen, Klaus WehrleAbstract:Mobile Ad-Hoc Networks (MANETs) rely on the 802.11 ad-hoc mode to establish communication with nearby peers. In practice, this makes MANETs hard to realize. While 802.11-compliant mobile devices implement the ad-hoc mode on the hardware layer, the software layer typically does not implement support for ad-hoc networking in terms of ad-hoc routing and Name Resolution protocols. Modern mobile operating systems, such as Android and iOS, even hide the inherent ad-hoc functionality of the wireless card through restrictions in the OS. In contrast to this, support for the 802.11 infrastructure mode is a commodity. We propose establishing ad-hoc networks using the 802.11 infrastructure mode. In MA-Fi (Mobile Ad-Hoc Wi-Fi), a small core of mobile router nodes (RONs) provides infrastructure mode network access to mobile station nodes (STANs). As STANs also act as a station in infrastructure networks of other RONs, MA-Fi achieves multi-hop communication between RON and STAN devices in the overall network. We show the creation and operation of mobile ad-hoc networks using MA-Fi. We focus on mobility of RONs and STANs as well as topology control in the overall network.
Hikaru Ichise - One of the best experts on this subject based on the ideXlab platform.
-
detection method of dns based botnet communication using obtained ns record history
Computer Software and Applications Conference, 2015Co-Authors: Hikaru Ichise, Yong Jin, Katsuyoshi IidaAbstract:To combat with botnet, early detection of the botnet communication and fast identification of the bot-infected PCs is very important for network administrators. However, in DNS protocol, which appears to have been used for botnet communication recently, it is difficult to differentiate the ordinary domain Name Resolution and suspicious communication. Our key idea is that the most of domain Name Resolutions first obtain the corresponding NS (Name Server) record from authoritative Name servers in the Internet, whereas suspicious communication may omit the procedures to hide their malicious activities. Based on this observation, we propose a detection method of DNS basis botnet communication using obtained NS record history. Our proposed method checks whether the destined Name server (IP address) of a DNS query is included in the obtained NS record history to detect the botnet communications.
-
Analysis of via-resolver DNS TXT queries and detection possibility of botnet communications
Communications, Computers and Signal Processing (PACRIM), 2015 IEEE Pacific Rim Conference on, 2015Co-Authors: Hikaru Ichise, Yong Jin, Katsuyoshi IidaAbstract:Recent reports on Internet security have indicated that the DNS (Domain Name System) protocol is being used for botnet communication in various botnets; in particular, botnet communication based on DNS TXT record type has been observed as a new technique in some botnet-based cyber attacks. One of the most fundamental Internet protocols, the DNS protocol is used for basic Name Resolution as well as many Internet services, so it is not possible to simply block out all DNS traffic. To block out only malicious DNS TXT record based botnet communications, it would be necessary to distinguish them from legitimate DNS traffic involving DNS TXT records. However, the DNS TXT record is also used in many legitimate ways since this type is allowed to include any plain text up to a fairly long length. In this paper, we mainly focus on the usage of the DNS TXT record and explain our analysis using about 5.5 million real DNS TXT record queries obtained for over 3 months in our campus network. Based on the analysis findings, we discuss a new method to detect botnet communication. Our analysis results show that 330 unique destination IP addresses (cover approximately 22.1% of unknown usages of DNS TXT record queries) may have been involved in malicious communications and this proportion is a reasonable basis for network administrators to perform detailed manual checking in many organizations.
Hiroaki Nishi - One of the best experts on this subject based on the ideXlab platform.
-
service oriented router based cdn system an sor based cdn infrastructure implementation on a real network environment
Computer Software and Applications Conference, 2013Co-Authors: Janaka Wijekoon, Shinichi Ishida, Erwin Harahap, Hiroaki NishiAbstract:Internet users are constantly demanding faster and higher quality services from their internet service providers. Therefore, for fast data delivery of such applications, Content Delivery Networks (CDNs) have been introduced. Most CDN providers use Domain Name Resolution (DNS) based request routing (RR) methods to find the nearest server for a particular client and it has both advantages and disadvantages. Importantly, disadvantages result high latencies of data delivery and network congestions. To maintain rich information in the Internet and to shift the current Internet infrastructure to an information-based open environment platform, Service-oriented Routers (SoRs) have been introduced. An SoR has a high-throughput database and it is able to analyze all transactions on its interfaces. Therefore, we have used the basic functionalities of the SoR to diminish disadvantages of the DNS-based RR methods. Proposed system is independent from DNS-based RR and we have conducted experiments based on content-centric RR using the SoR basic functionalities and successfully evaluated and compared both of the round trip time (RTT) and the packet inter arrival time. Our results indicated that SoR-based method can reduce upto 40-50% latency in both connection initiation time and content migration time in-between servers.
Christian Dannewitz - One of the best experts on this subject based on the ideXlab platform.
-
network of information netinf an information centric networking architecture
Computer Communications, 2013Co-Authors: Christian Dannewitz, Borje Ohlman, Dirk Kutscher, Stephen Farrell, Bengt Ahlgren, Holger KarlAbstract:Information-centric networking (ICN) is a promising approach to networking that has the potential to provide better - more natural and more efficient - solutions for many of today's important communication applications including but not limited to large-scale content distribution. This article describes the Network of Information (NetInf) architecture - a specific ICN approach that targets global-scale communication and supports many different types of networks and deployments, including traditional Internet access/core network configurations, data centers, as well as challenged and infrastructure-less networks. NetInf's approach to connecting different technology and administrative domains into a single information-centric network is based on a hybrid Name-based routing and Name Resolution scheme. In this article, we describe the most important requirements that motivated the NetInf design. We present an architecture overview and discuss the different architecture elements such as naming, message forwarding, caching, and a Name Resolution service (NRS) in detail. As efficient caching and a scalable NRS are two main success factors, we present an evaluation of both elements based on a theoretical analysis, complemental simulation results, and prototyping results. The results suggest that a scalable NRS for 10^1^5 and more objects with Resolution latencies (well) below 100ms is possible, implying that a global Network of Information that removes the need for today's application-specific overlay solutions is feasible.
-
netinf an information centric design for the future internet
2013Co-Authors: Christian DannewitzAbstract:The current Internet architecture has been very successful and has scaled well beyond the original aspirations. Nevertheless, the architecture suffers from multiple well docu- mented problems, many of which result from the fact that the usage of the Internet has changed drastically. For example, the original Internet architecture is designed to provide access to specific nodes in the network whereas today's usage is dominated by information dissemination where the information requester does not care about the source location. To adjust to those chan- ges, we develop a new, information-centric network architecture called Network of Information (NetInf ) in the context of the FP7 EU-funded 4WARD project. This architecture can significantly improve large scale information distribution. Furthermore, it supports future mobile networks in situations with intermittent and heterogeneous connectivity and connects the digital with the physical world to enable better user experience. NetInf is built upon an extended identifier/locator split which is based on a simple but powerful information model. Main aspects of NetInf include the persistent naming of information, a world- wide scalable Name Resolution mechanism for flat identifiers, and improved information availability and dissemination via caching and storage integrated into the network architecture.
-
mdht a hierarchical Name Resolution service for information centric networks
ACM Special Interest Group on Data Communication, 2011Co-Authors: Matteo Dambrosio, Christian Dannewitz, Holger Karl, Vinicio VercelloneAbstract:Information-centric network architectures are an increasingly important approach for future Internet architectures. Several approaches are based on a non-hierarchical identifier (ID) Namespace that requires some kind of global Name Resolution Service (NRS) to translate the object IDs into network addresses. Building a world-wide NRS for such a Namespace with 1015 expected IDs is challenging because of requirements such as low latency, efficient network utilization, and anycast routing. In this paper, we present an NRS called Multi-level Distributed Hash Table (MDHT). It provides Name-based anycast routing, can support constant hop Resolution, and fulfills the afore mentioned requirements. A scalability assessment shows that our system can scale to the Internet level, managing 1015 objects with today's storage technology and 1/10th of today's DNS nodes. The evaluation indicates that a non-hierarchical Namespace can be adopted on a global scale, opening up several design alternatives for information-centric network architectures.
-
design considerations for a network of information
Conference on Emerging Network Experiment and Technology, 2008Co-Authors: Bengt Ahlgren, Borje Ohlman, Rene Rembarz, Matteo Dambrosio, Christian Dannewitz, Marco Marchisio, Ian Marsh, Kostas Pentikousis, Ove Strandberg, Vinicio VercelloneAbstract:The existing Internet ecosystem is a result of decades of evolution. It has managed to scale well beyond the original aspirations. Evolution, though, highlighted a certain degree of inadequacies that is well documented. In this position paper we present the design considerations for a re-architected global networking architecture which delivers dissemination and non-dissemination objects only to consenting recipients, reducing unwanted traffic, linking information producers with consumers independently of the hosts involved, and connects the digital with the physical world. We consider issues ranging from the proposed object identifier/locator split to security and trust as we transition towards a Network of Information and relate our work with the emerging paradigm of publish/subscribe architectures. We introduce the fundamental components of a Network of Information, i.e., Name Resolution, routing, storage, and search, and close this paper with a discussion about future work.
