A Centralized Monitoring Infrastructure for Improving DNS Security

Date Added: Aug 2011
Format: PDF

Researchers have recently noted the potential of fast poisoning attacks against DNS servers, which allow attackers to easily manipulate records in open recursive DNS resolvers. A vendor-wide upgrade mitigated but did not eliminate this attack. Further, existing DNS protection systems, including bailiwick checking and IDS-style filtration, do not stop this type of DNS poisoning. The authors therefore propose Anax, a DNS protection system that detects poisoned records in cache. Their system observes changes in cached DNS records and applies machine learning to classify these updates as malicious or benign.