Entity

Time filter

Source Type


Wang Z.,Chinese Academy of Sciences | Wang Z.,China Organizational Name Administration Center
The Scientific World Journal | Year: 2013

This paper studies the DNS cache effects that occur on query distribution at the CN top-level domain (TLD) server. We first filter out the malformed DNS queries to purify the log data pollution according to six categories. A model for DNS resolution, more specifically DNS caching, is presented. We demonstrate the presence and magnitude of DNS cache effects and the cache sharing effects on the request distribution through analytic model and simulation. CN TLD log data results are provided and analyzed based on the cache model. The approximate TTL distribution for domain name is inferred quantificationally. © 2013 Zheng Wang. Source


Wang Z.,China Organizational Name Administration Center
KSII Transactions on Internet and Information Systems | Year: 2012

The Domain Name System (DNS) is a critical Internet infrastructure that provides name to address mapping services. In the past decade, Denial-of-Service (DoS) attacks have targeted the DNS infrastructure and threaten to disrupt this critical service. While the flooding DoS attacks may be alleviated by the DNS caching mechanism, we show in this paper that flooding DoS attacks utilizing name error queries is capable of bypassing the cache of resolvers and thereby impose overwhelming flooding attacks on the name servers. We analyze the impacts of such DoS attacks on both name servers and resolvers, which are further illustrated by May 19 China's DNS Collapse. We also propose the detection and defense approaches for protecting DNS servers from such DoS attacks. In the proposal, the victim zones and attacking clients are detected through monitoring the number of corresponding responses maintained in the negative cache. And the attacking queries can be mitigated by the resolvers with a sample proportion adaptive to the percent of queries for the existent domain names. We assess risks of the DoS attacks by experimental results. Measurements on the request rate of DNS name server show that this kind of attacks poses a substantial threat to the current DNS service. © 2012 KSII. Source


Wang Z.,Chinese Academy of Sciences | Wang Z.,China Organizational Name Administration Center | Tseng S.-S.,Asia University, Taiwan
The Scientific World Journal | Year: 2013

Anomaly detection systems and many other applications are frequently confronted with the problem of finding the largest knee point in the sorted curve for a set of unsorted points. This paper proposes an efficient knee point search algorithm with minimized time complexity using the cascading top-k sorting when a priori probability distribution of the knee point is known. First, a top-k sort algorithm is proposed based on a quicksort variation. We divide the knee point search problem into multiple steps. And in each step an optimization problem of the selection number k is solved, where the objective function is defined as the expected time cost. Because the expected time cost in one step is dependent on that of the afterwards steps, we simplify the optimization problem by minimizing the maximum expected time cost. The posterior probability of the largest knee point distribution and the other parameters are updated before solving the optimization problem in each step. An example of source detection of DNS DoS flooding attacks is provided to illustrate the applications of the proposed algorithm. © 2013 Zheng Wang and Shian-Shyong Tseng. Source


Wang Z.,Chinese Academy of Sciences | Wang Z.,China Organizational Name Administration Center | Tseng S.-S.,Asia University, Taiwan
KSII Transactions on Internet and Information Systems | Year: 2013

Distributed Denial-of-Service (DDoS) attacks towards name servers of the Domain Name System (DNS) have threaten to disrupt this critical service. This paper studies the vulnerability of the cache server to the flooding DNS query traffic. As the resolution service provided by cache server, the incoming DNS requests, even the massive attacking traffic, are maintained in the waiting queue. The sojourn of requests lasts until the corresponding responses are returned from the authoritative server or time out. The victim cache server is thus overloaded by the pounding traffic and thereafter goes down. The impact of such attacks is analyzed via the model of queuing process in both cache server and authoritative server. Some specific limits hold for this practical dual queuing process, such as the limited sojourn time in the queue of cache server and the independence of the two queuing processes. The analytical results are presented to evaluate the impact of DDoS attacks on cache server. Finally, numerical results are provided for further analysis. © 2013 KSII. Source


Wang Z.,Chinese Academy of Sciences | Wang Z.,China Organizational Name Administration Center | Hu A.-L.,Chinese Academy of Sciences
2013 IEEE 32nd International Performance Computing and Communications Conference, IPCCC 2013 | Year: 2013

The Domain Name System (DNS) resolution is usually served by multiple geographically distant servers. In planning and optimizing DNS server number, placement, and capacity, it is important to predict server load distribution given some knowledge about the network locations and query rates of active caching resolvers. This poster proposes an analytical model for predicting the DNS server load distribution. The model identifies the dependencies among server load distribution, server selection behavior, DNS response RTT, request processing delay and propagation delay. The preliminary simulation results show that DNS server load distribution can be predicted by solving the model using the iterative approach. © 2013 IEEE. Source

Discover hidden collaborations