%0 Conference Proceedings
%T An FPGA System for Detecting Malicious DNS Network Traffic
%+ Air Force Institute of Technology
%+ Air Force Institute of Technology
%A Thomas, Brennon
%A Mullins, Barry
%A Peterson, Gilbert
%A Mills, Robert
%Z Part 4: NETWORK FORENSICS
%< avec comité de lecture
%( IFIP Advances in Information and Communication Technology
%B 7th Digital Forensics (DF)
%C Orlando, FL, United States
%Y Gilbert Peterson
%Y Sujeet Shenoi
%I Springer
%3 Advances in Digital Forensics VII
%V AICT-361
%P 195-207
%8 2011-01-31
%D 2011
%R 10.1007/978-3-642-24212-0_15
%K Network forensics
%K DNS tunneling
%K detection system
%K FPGA
%Z Computer Science [cs]Conference papers
%X Billions of legitimate packets traverse computer networks every day. Unfortunately, malicious traffic also traverses these same networks. An example is traffic that abuses the Domain Name System (DNS) protocol to exfiltrate sensitive data, establish backdoor tunnels or control botnets. This paper describes the TRAPP-2 system, an extended version of the Tracking and Analysis for Peer-to-Peer (TRAPP) system, which detects BitTorrent and Voice over Internet Protocol (VoIP) traffic. TRAPP-2 is designed to detect a DNS packet, extract the packet payload, compare the data against a hash list and, if the packet is suspicious, log it for future analysis. Results show that the TRAPP-2 system captures 91.89% of DNS packets of interest under a 93.7% network load (937 Mbps). Also, as the hash list size is increased from 1,000 to 131,072,000 unique items, each doubling of the hash list size results in a mean increase of approximately 16 CPU cycles. These results demonstrate the ability of TRAPP-2 to detect traffic of interest under a saturated network load while maintaining large hash lists.
%G English
%Z TC 11
%Z WG 11.9
%2 https://inria.hal.science/hal-01569565/document
%2 https://inria.hal.science/hal-01569565/file/978-3-642-24212-0_15_Chapter.pdf
%L hal-01569565
%U https://inria.hal.science/hal-01569565
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-DF
%~ IFIP-WG11-9
%~ IFIP-AICT-361