Taxonomy and adversarial strategies of random subdomain attacks

Harm Griffioen; Christian Doerr

doi:10.1109/NTMS.2019.8763820

Taxonomy and adversarial strategies of random subdomain attacks

Cyber Security

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

4 Citations (Scopus)

Abstract

Ever since the introduction of the domain name system (DNS), attacks on the DNS ecosystem have been a steady companion. Over time, targets and techniques have shifted, and in the recent past a new type of attack on the DNS has emerged. In this paper we report on the DNS random subdomain attack, querying floods of non-existent subdomains, intended to cause a denial-of-service on DNS servers. Based on five major attacks in 2018 obtained through backscatter measurements in a large network telescope, we show the techniques pursued by adversaries, and develop a taxonomy of strategies of this attack.

Original language	English
Title of host publication	2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop
Subtitle of host publication	Proceedings
Place of Publication	Piscataway
Publisher	IEEE
Pages	1-5
Number of pages	5
ISBN (Electronic)	978-1-7281-1542-9
ISBN (Print)	978-1-7281-1543-6
DOIs	https://doi.org/10.1109/NTMS.2019.8763820
Publication status	Published - 2019
Event	10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Canary Islands, Spain Duration: 24 Jun 2019 → 26 Jun 2019

Publication series

Name	2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop

Conference

Conference	10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019
Country/Territory	Spain
City	Canary Islands
Period	24/06/19 → 26/06/19

Keywords

Cyber threat intelligence
DDoS
DNS
Random subdomain attack

Access to Document

10.1109/NTMS.2019.8763820

Cite this

Griffioen, H., & Doerr, C. (2019). Taxonomy and adversarial strategies of random subdomain attacks. In 2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop: Proceedings (pp. 1-5). Article 8763820 (2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop). IEEE. https://doi.org/10.1109/NTMS.2019.8763820

Griffioen, Harm ; Doerr, Christian. / Taxonomy and adversarial strategies of random subdomain attacks. 2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop: Proceedings. Piscataway : IEEE, 2019. pp. 1-5 (2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop).

@inproceedings{34fbcfbb98e94d8a976476028e431ca1,

title = "Taxonomy and adversarial strategies of random subdomain attacks",

abstract = "Ever since the introduction of the domain name system (DNS), attacks on the DNS ecosystem have been a steady companion. Over time, targets and techniques have shifted, and in the recent past a new type of attack on the DNS has emerged. In this paper we report on the DNS random subdomain attack, querying floods of non-existent subdomains, intended to cause a denial-of-service on DNS servers. Based on five major attacks in 2018 obtained through backscatter measurements in a large network telescope, we show the techniques pursued by adversaries, and develop a taxonomy of strategies of this attack.",

keywords = "Cyber threat intelligence, DDoS, DNS, Random subdomain attack",

author = "Harm Griffioen and Christian Doerr",

year = "2019",

doi = "10.1109/NTMS.2019.8763820",

language = "English",

isbn = "978-1-7281-1543-6",

series = "2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop",

publisher = "IEEE",

pages = "1--5",

booktitle = "2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop",

address = "United States",

note = "10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 ; Conference date: 24-06-2019 Through 26-06-2019",

}

Griffioen, H & Doerr, C 2019, Taxonomy and adversarial strategies of random subdomain attacks. in 2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop: Proceedings., 8763820, 2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop, IEEE, Piscataway, pp. 1-5, 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019, Canary Islands, Spain, 24/06/19. https://doi.org/10.1109/NTMS.2019.8763820

Taxonomy and adversarial strategies of random subdomain attacks. / Griffioen, Harm ; Doerr, Christian.
2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop: Proceedings. Piscataway: IEEE, 2019. p. 1-5 8763820 (2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Taxonomy and adversarial strategies of random subdomain attacks

AU - Griffioen, Harm

AU - Doerr, Christian

PY - 2019

Y1 - 2019

N2 - Ever since the introduction of the domain name system (DNS), attacks on the DNS ecosystem have been a steady companion. Over time, targets and techniques have shifted, and in the recent past a new type of attack on the DNS has emerged. In this paper we report on the DNS random subdomain attack, querying floods of non-existent subdomains, intended to cause a denial-of-service on DNS servers. Based on five major attacks in 2018 obtained through backscatter measurements in a large network telescope, we show the techniques pursued by adversaries, and develop a taxonomy of strategies of this attack.

AB - Ever since the introduction of the domain name system (DNS), attacks on the DNS ecosystem have been a steady companion. Over time, targets and techniques have shifted, and in the recent past a new type of attack on the DNS has emerged. In this paper we report on the DNS random subdomain attack, querying floods of non-existent subdomains, intended to cause a denial-of-service on DNS servers. Based on five major attacks in 2018 obtained through backscatter measurements in a large network telescope, we show the techniques pursued by adversaries, and develop a taxonomy of strategies of this attack.

KW - Cyber threat intelligence

KW - DDoS

KW - DNS

KW - Random subdomain attack

UR - http://www.scopus.com/inward/record.url?scp=85070401458&partnerID=8YFLogxK

U2 - 10.1109/NTMS.2019.8763820

DO - 10.1109/NTMS.2019.8763820

M3 - Conference contribution

SN - 978-1-7281-1543-6

T3 - 2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop

SP - 1

EP - 5

BT - 2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop

PB - IEEE

CY - Piscataway

T2 - 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019

Y2 - 24 June 2019 through 26 June 2019

ER -

Griffioen H , Doerr C. Taxonomy and adversarial strategies of random subdomain attacks. In 2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop: Proceedings. Piscataway: IEEE. 2019. p. 1-5. 8763820. (2019 10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Proceedings and Workshop). doi: 10.1109/NTMS.2019.8763820

Taxonomy and adversarial strategies of random subdomain attacks

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this