DOI: 10.1145/3388176.3388205

Role Identification of Domain Name Server Using Machine Learning based on DNS Response Features

Published: 20 April 2020

Abstract

The Domain Name System (DNS) plays an important role in the Internet by mapping domains to IP addresses. Numerous authoritative name servers and recursive resolvers form the DNS service infrastructure. Accurately identifying the role of a DNS server is of great importance for understanding the DNS infrastructure and performing security analysis. Previous research has proposed some methods for DNS server identification. Most of them are active methods, which bring additional bandwidth and security risks; the passive approach that relies on the DNS message header fields "AA" and "RA" gives unsatisfactory results because of the non-negligible, complex configuration of DNS servers in real networks. This paper proposes a machine learning method to classify the typical role of a DNS server in a passive manner. Classifiers are trained on three categories of features extracted solely from passive DNS response records (with user information removed), and the experimental results show that the proposed method can achieve high accuracy and a low false positive rate.



Published In

ICISS '20: Proceedings of the 3rd International Conference on Information Science and Systems
March 2020
238 pages
ISBN: 9781450377256
DOI: 10.1145/3388176

In-Cooperation

  • University of Salford
  • Cardiff University
  • Kingston University

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. DNS response features
  2. Domain name server identification
  3. machine learning

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • National Key Research and Development Program of China

Conference

ICISS 2020
