Using the Domain Name System to Thwart Automated Client-Based Attacks
- ORNL
On the Internet, attackers can compromise systems owned by other people and then use those systems to launch attacks automatically. When attacks such as phishing or SQL injection succeed, the consequences can include server downtime and the loss of sensitive information. Current methods of preventing such attacks are limited in that they are application-specific or fail to block attackers. Phishing attempts can be stopped with email filters, but if the attacker manages to bypass these filters, the user must determine whether the email is legitimate. Unfortunately, users are often unable to do so. Because attackers have a low success rate, they attempt to compensate for it with volume. To achieve this high throughput, attackers take shortcuts and break protocols. We use this knowledge to address these issues by implementing a system that can detect malicious activity and use it to block attacks. If a client fails to follow proper procedure, it can be classified as an attacker. Once an attacker has been discovered, it is isolated and monitored. This can be accomplished using existing software in Ubuntu Linux applications, along with our custom wrapper application. After running the system and observing its performance with three popular Web browsers (Chromium, Firefox and Internet Explorer) as well as two popular email clients (Thunderbird and Evolution), we found that not only is this system conceivable, it is effective and has low overhead.
- Research Organization: Oak Ridge National Laboratory (ORNL); Center for Computational Sciences
- Sponsoring Organization: ORNL LDRD Seed-Money
- DOE Contract Number: AC05-00OR22725
- OSTI ID: 1024283
- Report Number(s): ORNL/TM-2011/289
- Country of Publication: United States
- Language: English
Similar Records
- Omen: identifying potential spear-phishing targets before the email is sent. Technical Report · Mon Jul 01 00:00:00 EDT 2013 · OSTI ID:1093687
- Use of Deception to Improve Client Honeypot Detection of Drive-by-Download Attacks. Book · Fri Jul 24 00:00:00 EDT 2009 · OSTI ID:985019
- Phishing in the Wild: An Ecologically Valid Study of the Phishing Tactics and Human Factors that Predict Susceptibility to a Phishing Attack. Journal Article · Tue Feb 28 19:00:00 EST 2023 · Journal of Information Warfare · OSTI ID:1996328