Detecting Globally Malicious Events with Local Records: A Case Study

Author

  • Max Potasznik
Abstract

On or about August 25, 2013, the name servers supporting the country code Top Level Domain (ccTLD) “.cn” were attacked and brought offline [2, 6–8, 11]. As local DNS caches expired, this attack eventually affected the internet traffic of most users attempting to reach Chinese websites because the authoritative DNS servers for those sites ceased working. While the attack itself was widely reported in tech circles, very few technical details about it are publicly available. In this paper, we follow a series of deductive hypotheses, each leading closer to the actual malicious actors and eventually revealing the nature of the attack on the Chinese DNS to be a dictionary-based NXDOMAIN attack.

Similar resources

The Generation of Earthquake PGA Using Stochastic Finite Fault Method in Alborz Region

Time-history analysis is defined as a kind of dynamic analysis increasingly used in the design of structures and the evaluation of existing ones. One of the important issues in time-history analysis is selecting earthquake records. In this case, seismic design provisions state that time histories shall have similar source mechanisms, geological and seismological features to the region under study. A...

Analyzing new features of infected web content in detection of malicious web pages

Recent improvements in web standards and technologies enable attackers to hide and obfuscate infectious code with new methods and thus escape security filters. In this paper, we study the application of machine learning techniques in detecting malicious web pages. In order to detect malicious web pages, we propose and analyze a novel set of features including HTML, JavaScript (jQuery...

Detecting the location of the boundary layers in singular perturbation problems with general linear non-local boundary conditions

Singular perturbation problems have been studied by many mathematicians. Since the approximate solutions of these problems are the sum of an internal solution (boundary layer area) and external ones, the formation or non-formation of boundary layers should be specified. This paper investigates this issue for a singular perturbation problem including a first order differential equation with gen...

Capability of the Stochastic Seismic Inversion in Detecting the Thin Beds: a Case Study at One of the Persian Gulf Oilfields

The aim of seismic inversion is mapping all of the subsurface structures from seismic data. Due to the band-limited nature of the seismic data, it is difficult to find a unique solution for seismic inversion. Deterministic methods of seismic inversion are based on trial and error techniques and provide a smooth map of elastic properties, while stochastic methods produce high-resolution maps of el...

Stability Visualizations as a Low-complexity Descriptor of Network Host Behaviour

Detecting anomalous or malicious behaviour from NetFlow data alone is a difficult task due mainly to the limited information available in a NetFlow record. In this paper we propose a “stability” metric based on only four elements of the NetFlow record (source address, destination address, port, time), which may be efficiently visualized. We show that despite not having access to packet payloads...


Publication date: 2013