Malicious DNS Traffic in Tor: Analysis and Countermeasures

Cited by: 1
Authors
Sonntag, Michael [1]
Affiliation
[1] Johannes Kepler Univ Linz, Inst Networks & Secur, Altenbergerstr 69, A-4040 Linz, Austria
Keywords
Anonymization; Tor; DNS; Malicious Behaviour;
DOI
10.5220/0007471205360543
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Anonymization is commonly seen as useful only for people that have something to hide. Tor exit nodes are therefore associated with malicious behaviour and especially the so-called "darknet". While the Tor network supports hidden services, and a large share of these serve illegal purposes, most of the traffic in the Tor network exits to the normal Internet and could be, and probably is, legal. We investigate this by taking a look at the DNS requests of a high-bandwidth exit node. We observe some malicious behaviour (especially DNS scans), questionable targets (both widely seen as immoral as well as very likely illegal in most countries), and careless usage. However, all these, while undoubtedly undesirable, make up only a small share of the exit traffic. We then propose some additions to reduce the detected malicious use.
Pages: 536 / 543
Number of pages: 8
Related papers
50 in total
  • [1] DNS Traffic of a Tor Exit Node - An Analysis
    Sonntag, Michael
    [J]. SECURITY, PRIVACY, AND ANONYMITY IN COMPUTATION, COMMUNICATION, AND STORAGE (SPACCS 2018), 2018, 11342 : 33 - 45
  • [2] DNS Traffic Analysis for Malicious Domains Detection
    Ghafir, Ibrahim
    Prenosil, Vaclav
    [J]. 2ND INTERNATIONAL CONFERENCE ON SIGNAL PROCESSING AND INTEGRATED NETWORKS (SPIN) 2015, 2015, : 613 - 618
  • [3] Classifying Malicious Domains using DNS Traffic Analysis
    Mahdavifar, Samaneh
    Maleki, Nasim
    Lashkari, Arash Habibi
    Broda, Matt
    Razavi, Amir H.
    [J]. 2021 IEEE INTL CONF ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, INTL CONF ON PERVASIVE INTELLIGENCE AND COMPUTING, INTL CONF ON CLOUD AND BIG DATA COMPUTING, INTL CONF ON CYBER SCIENCE AND TECHNOLOGY CONGRESS DASC/PICOM/CBDCOM/CYBERSCITECH 2021, 2021, : 60 - 67
  • [4] On the ground truth problem of malicious DNS traffic analysis
    Stevanovic, Matija
    Pedersen, Jens Myrup
    D'Alconzo, Alessandro
    Ruehrup, Stefan
    Berger, Andreas
    [J]. COMPUTERS & SECURITY, 2015, 55 : 142 - 158
  • [5] Detecting Malicious Domains by Massive DNS Traffic Data Analysis
    Tian, Shiqi
    Fang, Cheng
    Liu, Jun
    Lei, Zhenming
    [J]. 2016 8TH INTERNATIONAL CONFERENCE ON INTELLIGENT HUMAN-MACHINE SYSTEMS AND CYBERNETICS (IHMSC), VOL. 1, 2016, : 130 - 133
  • [6] BotMAD: Botnet Malicious Activity Detector Based on DNS Traffic Analysis
    Sharma, Pooja
    Kumar, Sanjeev
    Sharma, Neeraj
    [J]. PROCEEDINGS ON 2016 2ND INTERNATIONAL CONFERENCE ON NEXT GENERATION COMPUTING TECHNOLOGIES (NGCT), 2016, : 824 - 830
  • [7] Detecting APT Malware Infections Based on Malicious DNS and Traffic Analysis
    Zhao, Guodong
    Xu, Ke
    Xu, Lei
    Wu, Bo
    [J]. IEEE ACCESS, 2015, 3 : 1132 - 1142
  • [8] TorWard: Discovery of Malicious Traffic over Tor
    Ling, Zhen
    Luo, Junzhou
    Wu, Kui
    Yu, Wei
    Fu, Xinwen
    [J]. 2014 PROCEEDINGS IEEE INFOCOM, 2014, : 1402 - 1410
  • [9] Malicious DNS Tunneling Detection in Real-Traffic DNS Data
    Lambion, Danielle
    Josten, Michael
    Olumofin, Femi
    De Cock, Martine
    [J]. 2020 IEEE INTERNATIONAL CONFERENCE ON BIG DATA (BIG DATA), 2020, : 5736 - 5738
  • [10] An Imbalanced Malicious Domains Detection Method Based on Passive DNS Traffic Analysis
    Liu, Zhenyan
    Zeng, Yifei
    Zhang, Pengfei
    Xue, Jingfeng
    Zhang, Ji
    Liu, Jiangtao
    [J]. SECURITY AND COMMUNICATION NETWORKS, 2018,