Towards passive DNS software fingerprinting

Author: Kensuke Fukuda

DOI: 10.1145/2534142.2534144

Abstract: This paper presents an alternative fingerprinting technique to identify DNS software running on caching resolvers in passively collected traffic traces. With this method, it is not required to send additional queries during the measurement, unlike existing techniques that rely on probing and may not be effective due to firewall filtering or refused responses. We first carefully examine query patterns upon specific emulation and extract 15 heuristic rules from the experiment for typical DNS software (i.e., BIND, Unbound and Windows Server). We next demonstrate the effectiveness of the method using real backbone traces with ground truth data. The results show 99% accuracy compared to the ground truth. Furthermore, 78% of unknown hosts can be identified.
