An FPGA System for Detecting Malicious DNS Network Traffic [chapter]

Brennon Thomas, Barry Mullins, Gilbert Peterson, Robert Mills
<span title="">2011</span> <i title="Springer Berlin Heidelberg"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/kss7mrolvja63k4rmix3iynkzi" style="color: black;">IFIP Advances in Information and Communication Technology</a> </i> &nbsp;
Billions of legitimate packets traverse computer networks every day. Unfortunately, malicious traffic also traverses these same networks. An example is traffic that abuses the Domain Name System (DNS) protocol to exfiltrate sensitive data, establish backdoor tunnels or control botnets. This paper describes the TRAPP-2 system, an extended version of the Tracking and Analysis for Peer-to-Peer (TRAPP) system, which detects BitTorrent and Voice over Internet Protocol (VoIP) traffic. TRAPP-2 is
more &raquo; ... ned to detect a DNS packet, extract the packet payload, compare the data against a hash list and, if the packet is suspicious, log it for future analysis. Results show that the TRAPP-2 system captures 91.89% of DNS packets of interest under a 93.7% network load (937 Mbps). Also, as the hash list size is increased from 1,000 to 131,072,000 unique items, each doubling of the hash list size results in a mean increase of approximately 16 CPU cycles. These results demonstrate the ability of TRAPP-2 to detect traffic of interest under a saturated network load while maintaining large hash lists.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1007/978-3-642-24212-0_15">doi:10.1007/978-3-642-24212-0_15</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/ldvpxc6alfhwzooqlt5chmizv4">fatcat:ldvpxc6alfhwzooqlt5chmizv4</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20181030063648/https://link.springer.com/content/pdf/10.1007%2F978-3-642-24212-0_15.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/23/20/2320a69e7b8ea8c47dcc868846d4ec31f6a3e129.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1007/978-3-642-24212-0_15"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> springer.com </button> </a>