2023 Fiscal Year Final Research Report
Integrated design and construction of efficient detection and terminal decontamination for DNS contamination
| Project/Area Number |
18K11291
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Multi-year Fund |
|---|
| Section | 一般 |
|---|
| Review Section |
Basic Section 60070:Information security-related
|
|---|
| Research Institution | Tokyo Institute of Technology |
|---|
Principal Investigator |
|
|---|
| Co-Investigator(Kenkyū-buntansha) |
金 勇 東京工業大学, 学術国際情報センター, マネジメント准教授 (60725787)
|
|---|
| Project Period (FY) |
2018-04-01 – 2024-03-31
|
| Keywords | DNS security |
|---|
| Outline of Final Research Achievements |
We proposed a system to mitigate attacks against DNS cache. The system collects history including terminal information, extracts usage features, and performs learning, and, also performs history-based feature extraction and anomaly detection on the cache side. We designed and implemented a prototype of this system. In the process, we obtained some knowledge about security in DNS and presented our research. Specifically, we found that the security of communication between the terminal and the resolver is necessary to ensure the security of the DNS, we also developed a method to keep a history of name-drawing for each application in the terminal, and to use the name-drawing of security devices that use DNS by using the DNS standard functions, the research presented a method to reduce the load on security equipment as well as to inspect the name-drawing of security equipment using DNS at the time of relay.
|
| Free Research Field |
Network management
|
| Academic Significance and Societal Importance of the Research Achievements |
DNSのに対する攻撃について考える上で、端末毎やさらにアプリケーション毎に名前引きの内容を詳細化して検討する手法についての構成を複数提案し、サンプル実装を行った。端末内の名前引きを詳細化にすることはOS毎に違い、また、見えづらいため、このような前例は、こういったアプローチのきっかけになっている。また、その情報を集約し、具体的に利用することについても、プロトタイプまでは行っており、実装への目処はつけた。
周辺成果として発表した、ファイアウォールでの悪性サイトの検査負荷を、DNSを用いて、遅延させたり、オンディマンドにさせる手法については、今後の発展が期待できる。
|
