Browsing by Author "Sudarsan, S.D."
Item: DNS Intrusion Detection (DID) — A SNORT-based solution to detect DNS Amplification and DNS Tunneling attacks
(Elsevier B.V., 2023) Adiwal, S.; Rajendran, B.; Shetty D, P.S.; Sudarsan, S.D.

Domain Name System (DNS) plays a critical role in the Internet ecosystem, translating numerical IP addresses to memorable domain names and vice versa. The malicious user targets DNS by taking advantage of vulnerabilities in DNS. The most complex attacks in the DNS attacks vector include Distributed Denial of Service (DDoS) based DNS amplification attacks and sophisticated DNS tunneling attacks. An Intrusion Detection System (IDS) is a solution available to monitor the traffic for intrusion in the network but not exclusively for DNS intrusions. In this research paper, we present – DNS Intrusion Detection (DID), a system integrated into SNORT – a prominent open-source IDS, to detect major DNS-related attacks. We developed novel IDS signatures for various tools used in the tunneling, amplification, and DoS attacks and added them to the existing ruleset file of IDS to detect DNS-based intrusions. Our approach successfully identifies empirical DNS attacks carried out by various known tools available over the Internet. Evaluation of DID showed a high detection rate and a very low false-positive rate. © 2023 The Author(s)

Item: Health Assessment of 1485 Top Level Domain's Name Servers
(Institute of Electrical and Electronics Engineers Inc., 2023) Adiwal, S.; Rajendran, B.; Shetty D, D.; Sudarsan, S.D.

Domain Name System (DNS) has evolved as a critical component in the accessibility of Internet services and has therefore become a key attack vector in major Internet attacks. It is essential to monitor various DNS communications parameters, take corrective actions when needed, and prevent abuse. We propose a new set of metrics that could be monitored to assess the health of a given Top Level Domains (TLDs) nameserver. We then conduct passive probes and determine the values of the proposed parameters for the nameservers serving the 1485 TLDs of the Internet. The values of the identified metrics help to detect sluggishness in performance and form the basis for arriving at a score of their health. The presented approach is scalable across the DNS hierarchy and can be repeated periodically to detect and prevent DNS abuses. © 2023 IEEE.
