Using the Domain Name System to Thwart Automated Client-Based Attacks

Taylor, Curtis R; Shue, Craig A

doi:10.2172/1024283

Title: Using the Domain Name System to Thwart Automated Client-Based Attacks

Technical Report · Thu Sep 01 00:00:00 EDT 2011

DOI:https://doi.org/10.2172/1024283· OSTI ID:1024283

Taylor, Curtis R ^[1]; Shue, Craig A ^[1]

ORNL

On the Internet, attackers can compromise systems owned by other people and then use these systems to launch attacks automatically. When attacks such as phishing or SQL injections are successful, they can have negative consequences including server downtime and the loss of sensitive information. Current methods to prevent such attacks are limited in that they are application-specific, or fail to block attackers. Phishing attempts can be stopped with email filters, but if the attacker manages to successfully bypass these filters, then the user must determine if the email is legitimate or not. Unfortunately, they often are unable to do so. Since attackers have a low success rate, they attempt to compensate for it in volume. In order to have this high throughput, attackers take shortcuts and break protocols. We use this knowledge to address these issues by implementing a system that can detect malicious activity and use it to block attacks. If the client fails to follow proper procedure, they can be classified as an attacker. Once an attacker has been discovered, they will be isolated and monitored. This can be accomplished using existing software in Ubuntu Linux applications, along with our custom wrapper application. After running the system and seeing its performance on three popular Web browsers Chromium, Firefox and Internet Explorer as well as two popular email clients, Thunderbird and Evolution, we found that not only is this system conceivable, it is effective and has low overhead.

View Technical Report

Cite

Export

Save

Research Organization:: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States). National Center for Computational Sciences (NCCS)

Sponsoring Organization:: USDOE Laboratory Directed Research and Development (LDRD) Program

DOE Contract Number:: DE-AC05-00OR22725

OSTI ID:: 1024283

Report Number(s):: ORNL/TM-2011/289; TRN: US201120%%26

Country of Publication:: United States

Language:: English

Similar Records

P2P-based botnets: structural analysis, monitoring, and mitigation

Conference · Tue Jan 01 00:00:00 EST 2008 · OSTI ID:1024283

Yan, Guanhua; Eidenbenz, Stephan; Ha, Duc T; +1 more

Justifying the need for forensically ready protocols: A case study of identifying malicious web servers using client honeypots

Conference · Thu Jan 03 00:00:00 EST 2008 · OSTI ID:1024283

Seifert, Christian; Endicott-Popovsky, Barbara E; Frincke, Deborah A; +3 more

Hybrid methods for cybersecurity analysis :

Technical Report · Wed Jan 01 00:00:00 EST 2014 · OSTI ID:1024283

Dunlavy, Daniel M.

Related Subjects

99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE
INTERNET
PERFORMANCE
SECURITY
COMPUTERS
COMPUTER CODES
Internet security
DNS
server defense

Title: Using the Domain Name System to Thwart Automated Client-Based Attacks

Citation Formats

Similar Records

Related Subjects