Accurate DNS server fingerprinting based on borderline behavior analysis

Botao Zhang; Chengxi Xu; Fan Shi

doi:10.1117/12.3026357

27 March 2024 Accurate DNS server fingerprinting based on borderline behavior analysis

Botao Zhang, Chengxi Xu, Fan Shi

Proceedings Volume 13105, International Conference on Computer Graphics, Artificial Intelligence, and Data Processing (ICCAID 2023); 131052H (2024) https://doi.org/10.1117/12.3026357
Event: 3rd International Conference on Computer Graphics, Artificial Intelligence, and Data Processing (ICCAID 2023), 2023, Qingdao, China

Abstract

Recent security incidents against the global DNS ecosystem show a close association with outdated versions of DNS servers. Attackers and security researchers widely employ server fingerprinting as a pre-exploit technique. Considering that a single active or passive fingerprinting technique is difficult to achieve accurate and effective results, we proposed a fingerprinting method combining active and passive techniques to identify different DNS servers. We record DNS server fingerprints by collecting interaction borderline behavior of different DNS servers. After that, we propose a novel hierarchical fingerprinting model named as fpdns-ng algorithm. We apply machine learning models like Decision Tree, KNN and Multilayer Perceptron to classify different kinds of DNS servers. Experiment results prove the effectiveness of our method and show that our approach is more accurate than the state-of-the-art in fingerprinting mainstream DNS servers.

(2024) Published by SPIE. Downloading of the abstract is permitted for personal use only.

Citation Download Citation

Botao Zhang, Chengxi Xu, and Fan Shi "Accurate DNS server fingerprinting based on borderline behavior analysis", Proc. SPIE 13105, International Conference on Computer Graphics, Artificial Intelligence, and Data Processing (ICCAID 2023), 131052H (27 March 2024); https://doi.org/10.1117/12.3026357

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
9 PAGES

DOWNLOAD PAPER SAVE TO MY LIBRARY

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Information security

Machine learning

Network security

Decision trees

RELATED CONTENT

Malware behavior detection method based on reinforcement learning
Proceedings of SPIE (March 21 2023)

Information security risk assessment methods for the transportation industry
Proceedings of SPIE (November 10 2021)

A stacked ensemble learning model using heterogeneous base leaners for...
Proceedings of SPIE (December 08 2022)

Imbalanced malware detection via group-ensemble
Proceedings of SPIE (May 23 2023)

Construction of intelligent network anti risk index evaluation system based...
Proceedings of SPIE (September 11 2023)

DLA-PUF: deep learning attacks on hardware security primitives
Proceedings of SPIE (May 02 2019)

Feature based alert correlation in security systems using self organizing...
Proceedings of SPIE (April 13 2009)

Subscribe to Digital Library

Receive Erratum Email Alert

Keywords/Phrases

Search In:

Publication Years