By Topic

IP Traceback Using DNS Logs against Bots

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Takemori, K. ; KDDI R&D Labs. Inc., Fujimino ; Fujinaga, M. ; Sayama, T. ; Nishigaki, M.

Source IP spoofing attacks are critical issues to the Internet. These attacks are considered to be sent from bot infected hosts. There has been active research on IP traceback technologies. However, the traceback from an end victim host to an end spoofing host has not yet been achieved, due to the lack of traceback probes installed on each routing path. There is a need to replace alternative probes in order to reduce the installation cost. In this research, we propose an IP tracking scheme against bots using the DNS logs. Many types of bots retrieve IP addresses from fully qualified domain names (FQDNs) at the beginning of communication. The proposed scheme checks from the destination to the source DNS logs, in order to extract the bots. Also, we propose means to distinguish spoofing from non-spoofing attacks, and how to obtain reliable of tracking results. We collect bot communication patterns to confirm that the DNS log can be used for reasonable probes and for achieving a high tracking success rate.

Published in:

Computer Science and its Applications, 2008. CSA '08. International Symposium on

Date of Conference:

13-15 Oct. 2008