• ETRI Journal
• /
• v.43 no.1
• /
• pp.40-52
• /
• 2021

DNS (Domain Name System) tunnels almost obscure the true network activities of users, which makes it challenging for the gateway or censorship equipment to identify malicious or unpermitted network behaviors. An efficient way to address this problem is to conduct a temporal-spatial analysis on the tunnel traffic. Nevertheless, current studies on this topic limit the DNS tunnel to those with a single protocol, whereas more than one protocol may be used simultaneously. In this paper, we concentrate on the refined identification of two protocols mixed in a DNS tunnel. A feature set is first derived from DNS query and response flows, which is incorporated with deep neural networks to construct a regression model. We benchmark the proposed method with captured DNS tunnel traffic, the experimental results show that the proposed scheme can achieve identification accuracy of more than 90%. To the best of our knowledge, the proposed scheme is the first to estimate the ratios of two mixed protocols in DNS tunnels.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.544-548
• /
• 2004

DHCP(Dynamic Host Configuration Protocol) is a protocol which dynamically allocates an IP address and/or host configuration parameters to a host. The DHCP client's address can be changed dynamically any time. For the possible communication with other system, the DHCP client has to inform its address to the DNS system with dynamic update facility. But the DNS dynamic update has a problem related to the security. So we proposed the efficient mechanism for the secure integration of DHCP and DNS by using DNS security extensions. The system also uses the DNS server as the certificate repository for the storing & retrieval of each other's certificate.

• BMB Reports
• /
• v.37 no.2
• /
• pp.260-267
• /
• 2004

Transducin (T), the heterotrimeric guanine nucleotide binding protein in rod outer segments, serves as an intermediary between the receptor protein, rhodopsin, and the effector protein, cGMP phosphodiesterase. Labeling of T with dansyl chloride (DnsCl) inhibited its light-dependent guanine nucleotide binding activity. Conversely, DnsCl had no effect on the functionality of rhodopsin. Approximately 2-3 mol of DnsCl were incorporated per mole of T. Since fluoroaluminate was capable of activating DnsCl-modified T, this lysine-specific labeling compound did not affect the guanine nucleotide-binding pocket of T. However, the labeling of T with DnsCl hindered its binding to photoexcited rhodopsin, as shown by sedimentation experiments. Additionally, rhodopsin completely protected against the DnsCl inactivation of T. These results demonstrated the existence of functional lysines on T that are located in the proximity of the interaction site with the photoreceptor protein.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.683-686
• /
• 2013

최근 인터넷을 이용한 금융거래가 활발해지면서 피싱이나 파밍과 같은 공격을 통한 개인정보 유출 사고가 빈번히 발생하고 있다. 특히 파밍의 경우, 공격자가 DNS 정보를 변조하여 사용자가 올바른 URL을 입력하더라도 악의적 사이트로 컴퓨터가 접속을 하기 때문에 위험성이 매우 높다. 이러한 공격들을 방지하기위하여 여러 연구가 진행되었지만, DNS 정보의 검증을 위한 추가적인 절차를 필요로 하거나 과도한 네트워크 트래픽을 유발할 수 있는 문제점을 가지고 있다. 따라서 본 논문에서는 이러한 문제점을 극복하고자 DNS 리소스 레코드(Resource Record)의 부분 암호화를 이용하여 DNS 변조 공격을 탐지 하는 프로토콜을 제안한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2022.01a
• /
• pp.107-108
• /
• 2022

오늘날 도메인 네임 시스템(DNS) 서비스는 단순히 IP 주소를 .com, .net 등의 도메인으로 변환해주는 기능을 넘어 컨텐츠 가속(CDN) 서비스, 고가용성(HA) 서비스, 분산 서비스 거부공격(DDoS) 방어 서비스, 통신 구간 암호화 서비스로서 그 용도를 넓혀가고 있다. 이용자들은 이러한 업체가 외부 기관에 정보를 넘기지 않고, 모든 통신 구간은 서비스 업체도 그 내용을 들여다보지 못할 정도로 철저히 암호화한다는 도덕적인 영업과 운영을 할 것으로 기대하지만, 실제 사례를 살펴보면 그렇지 못하다는 점이 드러난다. 본 논문에서는 2021년 기준으로 최소 7년간 이어져온 것으로 추정되는 유명 DNS 서비스 업체의 보안접속 악용 사례를 중심으로 이러한 악용이 어떻게 이루어지고 이것에 대응하기 위해 사용할 수 있는 표준화 기술은 이 문제에 효용성이 있는지를 DNS 업체와 동일한 실제 환경 구성을 통해 검증하였다.

• The Journal of the Korea Contents Association
• /
• v.8 no.4
• /
• pp.264-272
• /
• 2008

In ubiquitous geographic information environment, the users are provided with geographic information anywhere and any time on their needs by any types of devices and communication media. The unique location ID, ePosition, is a new technology to support UBGI environment, using a logical location ID instead of physical location of a point of interest. Domain names of plural ePosition servers, where location information with its ePosition is stored, needs to be registered in DNS for some service through Internet. For better ePosition service of the type of public service like email service, a set of DNS resource records can be newly defined. This paper suggests a new DNS resource record EPO for implementation of the ePosition service through Internet.

• Journal of Convergence for Information Technology
• /
• v.10 no.12
• /
• pp.22-30
• /
• 2020

With the development of information and communication technology, DDoS and DRDoS continue to become security issues, and gradually develop into advanced techniques. Recently, IT companies have been threatened with DRDoS technology, which uses protocols from normal servers to exploit as reflective servers. Reflective traffic is traffic from normal servers, making it difficult to distinguish from security equipment and amplified to a maximum of Tbps in real-life cases. In this paper, after comparing and analyzing the DNS amplification and Memcached amplification used in DRDoS attacks, a countermeasure that can reduce the effectiveness of the attack is proposed. Protocols used as reflective traffic include TCP and UDP, and NTP, DNS, and Memcached. Comparing and analyzing DNS protocols and Memcached protocols with higher response sizes of reflective traffic among the protocols used as reflective traffic, Memcached protocols amplify ±21% more than DNS protocols. The countermeasure can reduce the effectiveness of an attack by using the Memcached Protocol's memory initialization command. In future studies, various security-prone servers can be shared over security networks to predict the fundamental blocking effect.

• Journal of computational fluids engineering
• /
• v.13 no.4
• /
• pp.114-125
• /
• 2008

Current state and perspective of DNS of turbulence and turbulent combustion are discussed with feature trend of the fastest supercomputer in the world. Based on the perspective of DNS of turbulent combustion, possibility of perfect simulations of IC engine is shown. In 2020, the perfect simulation will be realized with 30 billion grid points by 1EXAFlops supercomputer, which requires 4 months CPU time. The CPU time will be reduced to about 4 days if several developments were achieved in the current fundamental researches. To shorten CPU time required for DNS of turbulent combustion, two numerical methods are introduced to full-explicit full-compressible DNS code. One is compact finite difference filter to reduce spatial resolution requirements and numerical oscillations in small scales, and another is well-known point-implicit scheme to avoid quite small time integration of the order of nanosecond for fully explicit DNS. Availability and accuracy of these numerical methods have been confirmed carefully for auto-ignition, planar laminar flame and turbulent premixed flames. To realize DNS of IC engine with realistic kinetic mechanism, several DNS of elemental combustion process in IC engines has been conducted.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.729-735
• /
• 2013

The recent issue of distributed denial of service attack paralyze major government and financial institution in internet sites. They threatened to the cyber security. There hasn't been easy defense of now using attack. There seems to be increases in damage. In this paper, The recent continue to evolve of distributed denial of service attack. DNS target of distributed denial of service attack give specific examples. but, DNS target of DDoS attacks about defense is insufficient. The DNS Cyber-shelter system was created based on the Cyber-shelter system for DDoS attack in Kisa.. We proposal DNS Cyber-shelter system.

• 한국전산유체공학회:학술대회논문집
• /
• 2008.03a
• /
• pp.359-366
• /
• 2008

Current state and perspective of DNS of turbulence and turbulent combustion are discussed with feature trend of the fastest supercomputer in the world. Based on the perspective of DNS of turbulent combustion, possibility of perfect simulations of IC engine is shown. In 2020, the perfect simulation will be realized with 30 billion grid points by 1EXAFlops supercomputer, which requires 4 months CPU time. The CPU time will be reduced to about 4 days if several developments were achieved in the current fundamental researches. To shorten CPU time required for DNS of turbulent combustion, two numerical methods are introduced to full-explicit full-compressible DNS code. One is compact finite difference filter to reduce spatial resolution requirements and numerical oscillations in small scales, and another is well-known point-implicit scheme to avoid quite small time integration of the order of nanosecond for fully explicit DNS. Availability and accuracy of these numerical methods have been confirmed carefully for auto-ignition, planar laminar flame and turbulent premixed flames. To realize DNS of IC engine with realistic kinetic mechanism, several DNS of elemental combustion process in IC engines has been conducted.