• Title/Summary/Keyword: DNS query


A RealTime DNS Query Analysis System based On the Web (웹 기반 실시간 DNS 질의 분석 시스템)

  • Jang, Sang-Dong
    • Journal of Digital Convergence / v.13 no.10 / pp.279-285 / 2015
  • In this paper, we present the design and implementation of a real-time DNS query analysis system to detect and protect against DNS attacks. The proposed system uses mirroring to collect data in the DMZ, then analyzes the collected data. If the analysis finds attack information, that information is used as filtering information for the firewall. Statistics of the collected data are shown as real-time monitoring information on the web. To verify the effectiveness of the proposed system, we built it and conducted some experiments. As a result, our proposed system can be used effectively to defend against DNS spoofing, DNS flooding attacks, and DNS amplification attacks, can prevent attackers in the interior network from attacking, and provides real-time DNS query statistics and geographic information for monitoring DNS queries using the GeoIP API and Google API. It can be useful information for ICT convergence and future work.

Study on the near-real time DNS query analyzing system for DNS amplification attacks (DNS 증폭 공격 탐지를 위한 근실시간 DNS 질의 응답 분석 시스템에 관한 연구)

  • Lee, Ki-Taek;Baek, Seung-Soo;Kim, Seung-Joo
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.2 / pp.303-311 / 2015
  • DNS amplification is a new type of DDoS attack, and nowadays the attack occurs frequently. Previous studies showed several detection methods, such as traffic analysis based on DNS queries and packet size. However, those methods have some limitations, such as the uncertainty of packet size, which depends on the IP address type, and vulnerability to distributed amplification attacks. Therefore, we proposed a novel traffic analysis algorithm using Success Rate and implemented the query analysis system.

A New DNS Protocol for Multilingual Domain Names (다국어 도메인을 위한 DNS 프로토콜 : mlDNS)

  • 신혜원;이승익;이동만
    • Proceedings of the Korean Information Science Society Conference / 2000.10c / pp.328-330 / 2000
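  • DNS (Domain Name Service) is a service that provides the addresses of Internet hosts, and the existing system cannot handle domain names composed of languages other than the English alphabet. As the need for multilingual domains has grown with the internationalization of the Internet, we propose mlDNS (Multilingual Domain Name Service), a new DNS protocol that solves this problem and can handle multilingual domain names. To guarantee compatibility and interoperability with the existing DNS and to design a system that is not tied to any specific language, mlDNS processes all DNS queries in UTF-8 encoding based on the Unicode character set, and, to distinguish these new mlDNS queries from existing DNS queries, designates and uses a new bit field called 'IN' in the DNS query header.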


Fail-over Mechanisms based on Anycast for Stable IPv6 Recursive DNS Services (안정적인 IPv6 리커시브 DNS 서비스를 위한 애니캐스트 기반의 실패 복구 방안 연구)

  • Suh, Yu-Hwa;Kim, Kyung-Min;Shin, Yong-Tae;Song, Kwang-Ho;Kim, Weon;Park, Chan-Ki
    • The Journal of Korean Institute of Communications and Information Sciences / v.32 no.2B / pp.108-117 / 2007
  • Recursive DNS is configured as the primary or secondary DNS on a user's PC and performs domain name resolution in response to the user's DNS queries. At present, DNS traffic accounts for a high proportion of total Internet traffic, and Internet traffic would be increased by failures of IPv6 DNS queries and responses in the IPv6 transition environment. Also, existing Recursive DNS service mechanisms are unstable under malicious users' attacks such as DoS/DDoS attacks and do not provide users with a trusted DNS service fail-over. In this paper, we propose IPv6 Recursive DNS service mechanisms based on anycast to improve stability. In them, a fail-over Recursive DNS is configured with an IPv6 anycast address for the primary Recursive DNS's fail-over. These mechanisms increase reliability and resiliency to DoS/DDoS attacks, reduce query latency, and help minimize DNS traffic by inducing IPv6 addresses.

A Study on Secure Query/Response System using Pseudonoise Sequence in DNS (DNS상에서 Pseudonoise Sequence를 사용한 안전한 질의/응답 시스템에 관한 연구)

  • 석우진;이만희;최홍진;변옥환
    • Proceedings of the Korean Information Science Society Conference / 1998.10a / pp.612-614 / 1998
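  • DNS is the system that performs conversion between domain names and IP addresses on the Internet. In DNS, a query requesting a domain name or an IP address, and the response to it, are transmitted over the network as messages using UDP. This leaves open the possibility of manipulation through third-party intervention. To prevent such manipulation of query and response messages, RFC 2065 used the RSA public-key scheme. The RSA public-key scheme currently poses many difficulties for direct use in Korea and performs poorly in terms of speed. In this paper, we aim to enable secure query and response in DNS by using a pseudonoise sequence and MD5. With a pseudonoise sequence and MD5, messages do not have to be encrypted and little computation is required. By writing a pseudonoise sequence into the message and checking the MD5 of that message at the sending and receiving sides, manipulation through third-party intervention can be prevented and the integrity of the message data can be guaranteed.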


Design and Implementation of the Extended DNS Security Mechanism (확장된 DNS 보안 메커니즘의 설계 및 구현)

  • Sim, Hui-Won;Kim, Jin-Seong;Sim, Yeong-Cheol;Im, Chan-Sun;Byeon, Ok-Hwan
    • The Transactions of the Korea Information Processing Society / v.6 no.1 / pp.134-147 / 1999
  • The DNS provides naming services which are the basis for Internet applications, and the security of the DNS should be provided for the security of the Internet. Recently the IETF proposed a method which guarantees the integrity of DNS database contents and DNS queries/replies and distributes host public keys. In this paper we describe the design and implementation of a secure DNS which is built on the IETF proposal and extended to facilitate its use and management. In the extended secure DNS, DNS servers are used as the directory system in a public key infrastructure and store/distribute user public key certificates. A Web-based management interface and security log functions are added, and the extended secure DNS is being built so that new cryptographic algorithms can be easily added.


Feature Selection with PCA based on DNS Query for Malicious Domain Classification (비정상도메인 분류를 위한 DNS 쿼리 기반의 주성분 분석을 이용한 성분추출)

  • Lim, Sun-Hee;Cho, Jaeik;Kim, Jong-Hyun;Lee, Byung Gil
    • KIPS Transactions on Computer and Communication Systems / v.1 no.1 / pp.55-60 / 2012
  • Recent botnets widely use DNS services when connecting to the C&C server in order to evade botnet detection. It is necessary to study DNS analysis in order to counteract anomaly-based techniques using the DNS. This paper studies the collection of DNS traffic for experimental data and supervised learning for DNS traffic-based malicious domain classification, such as queries from zombies for domain names corresponding to the C&C server. In particular, this paper aims to determine the significant features of a DNS-based classification system for malicious domain extraction by Principal Component Analysis (PCA).

Comparison of Autoxidative Stability and Minor Compounds in Oils Extracted from Bran and Germ of Keumkang Wheat and Dark Northern Spring Wheat (금강밀과 dark northern spring밀의 기울과 배아에서 추출한 기름의 자동산화 안정성 및 미량성분 비교)

  • Choi, Hyun-Ki;Choe, Eun-Ok
    • Korean Journal of Food Science and Technology / v.41 no.6 / pp.628-635 / 2009
  • Autoxidative stability of wheat bran and germ oil extracted from Keumkang wheat (WBG-K) or Dark Northern Spring wheat (WBG-DNS) at $50^{\circ}C$ in the dark was compared by peroxide values (POV) and fatty acid composition by gas chromatography. Changes of minor compounds were monitored by HPLC. WBG-K showed significantly higher linoleic but lower oleic acid content than WBG-DNS. WBG-DNS contained more phospholipids but less tocopherols and carotenoids than WBG-K. POV of oils was increased during storage, with no significant difference in the oxidation rates between two oils. Tocopherols, carotenoids, and phospholipids in both oils were degraded during the autoxidation. Total phospholipids content showed the highest correlation with the degree of oxidation in WBG oils. The results clearly showed that both fatty acid composition and contents of tocopherols, carotenoids, and phospholipids co-affected the autoxidation of WBG oil.

Changes in Natural Antioxidants in Oils Extracted from the Bran and Germ of Keumkang and Dark Northern Spring Wheats During Photo-oxidation (금강밀과 dark northern spring밀의 기울과 배아에서 추출한 기름의 광산화 과정 중 천연산화방지성분의 변화)

  • Choi, Hyun-Ki;Choe, Eun-Ok
    • Korean Journal of Food Science and Technology / v.42 no.1 / pp.14-20 / 2010
  • Naturally present antioxidants, tocopherols, carotenoids, and phospholipids in the bran and germ oils from Keumkang (K-WBG oil) and Dark Northern Spring wheats (DNS-WBG oil) were determined during storage under 1700 lux light at $5^{\circ}C$ by HPLC. Oil oxidation was monitored by peroxide values (POV) and conjugated dienoic acid content. The results showed that antioxidants were degraded during storage of the WBG oils under light, with higher degradation rates for carotenoids and phospholipids in the K-WBG oil compared to the DNS-WBG oil. Light increased oil oxidation and the rate of oxidation was higher in K-WBG oil than in the DNS-WBG oil. There was a high correlation between POV and residual amounts of antioxidants during photo-oxidation, with phospholipids showing the greatest effects on POV. This study suggests that a higher amount and lower degradation rate of phospholipids in the DNS-WBG oil contributed to its higher photo-oxidative stability compared to the K-WBG oil.

A Study of Command & Control Server through Analysis - DNS query log (명령제어서버 탐색 방법 - DNS 분석 중심으로)

  • Cheon, Yang-Ha
    • The Journal of the Korea institute of electronic communication sciences / v.8 no.12 / pp.1849-1856 / 2013
  • A DoS attack, short for Denial of Service attack, is an Internet intrusion technique which disrupts service availability for legitimate users. To respond to DDoS attacks, many methods focusing on the attack source, the target, and the intermediate network have been proposed, but there has not been a clear solution. In this paper, we propose the prevention of malicious activity and early detection of DDoS attacks by detecting and removing the activity of botnets or other malicious code. For this purpose, the proposed method monitors network traffic, especially DNS traffic, which originates from botnets or malicious code.