In this paper, we propose an approach for detecting internal and external network scanning attacks on enterprise networks. our approach, inline scan detection system (SDS) monitors the ingress egress flows of subnet detects probes based correlation with preceding DNS query/responses reducing TTL values Resource Records (RR). Through rigorous evaluation, show that method is effective against bot...

Multihomed services can load-balance their incoming connection requests using DNS, resolving the name of the server with different addresses depending on the link load that corresponds to each address. Previous work has studied a number of problems with this approach, e.g., due to Time-to-Live duration violations and client proximity to local DNS servers. In this paper, we experimentally evalua...

In wireless networks, devices must be able to dynamically discover and share services in the environment. The problem of service discovery has attracted great research interest in the last years, particularly for ad hoc networks. Recently, the IETF has proposed the use of the DNS protocol for service discovery. For ad hoc networks, the IETF works in two proposals of distributed DNS, Multicast D...

Today’s evolving cyber security threats demand new, modern, and cognitive computing approaches to network security systems. In the early years of the Internet, a simple packet inspection firewall was adequate to stop the then-contemporary attacks, such as Denial of Service (DoS), ports scans, and phishing. Since then, DoS has evolved to include Distributed Denial of Service (DDoS) attacks, espe...

Botnets pose a major problem to Internet security. They can cause various online crimes such as DDoS attacks, identity thefts and spam e-mails. While there have been many attempts to detect botnets, most of these studies have difficulties in detecting botnets due to their evasive techniques to resemble normal traffic. In this paper, we propose a visualization method, BotXrayer, to detect botnet...

This work proposes a novel approach to infer and characterize Internet-scale DNS Distributed Reflection Denial of Service (DRDoS) attacks by leveraging the darknet space. Complementary to the pioneer work on inferring Distributed Denial of Service (DDoS) activities using darknet, this work shows that we can extract DDoS activities without relying on backscattered analysis. The aim of this work ...

We present a control plane for operators of Top-level Domains (TLDs) in the Domain Name System (DNS), such as “.org” and “.nl”, that enables them to increase the security and stability of their TLD by taking on the role of a threat intelligence provider. Our control plane is a novel system that extends a TLD operator’s traditional services and detects potential threats in the TLD by continuousl...

The numbers of online social networking sites are growing rapidly. The social networking sites have redefined the way we interact online. Most of the social networking sties provide customizable personal pages to its members. During customization user may embed contents from different web sites that provide contents in a form of HTML embed codes. Thus a page may contain different contents from ...

The Domain Name System (DNS) provides crucial name resolution functions for most Internet services. As a result, DNS traffic provides an important attack vector for mass surveillance, as demonstrated by the QUANTUMDNS and MORECOWBELL programs of the NSA. This article reviews how DNS works and describes security considerations for next generation name resolution systems. We then describe DNS var...

In distributed reflective denial-of-service (DRDoS) attacks, adversaries send requests to public servers (e.g., open recursive DNS resolvers) and spoof the IP address of a victim. These servers, in turn, flood the victim with valid responses and – unknowingly – exhaust its bandwidth. Recently, attackers launched DRDoS attacks with hundreds of Gb/s bandwidth of this kind. While the attack techni...