Understanding the Challenges of Blocking Unnamed Network Traffic.

Kaspar Hageman; Egon Kidmose; René Rydhof Hansen; Jens Myrup Pedersen

doi:10.1109/NOMS54207.2022.9789854

Understanding the Challenges of Blocking Unnamed Network Traffic.

Kaspar Hageman, Egon Kidmose, René Rydhof Hansen, Jens Myrup Pedersen

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

8 Downloads (Pure)

Abstract

Network traffic that is not preceded by any Domain Name System (DNS) resolutions is referred to as unnamed traffic. Any DNS-based security system is ineffective against malicious content distributed through this traffic. In this paper, we introduce a novel method for identifying unnamed traffic based on the correlation of flows and DNS responses extracted from raw network traces. We describe two challenges that affect the validity of our method, and how to handle them. By applying our method to a one-week trace of network traffic, we illustrate that unnamed traffic is ubiquitous in a university network across nearly all client systems, destination IP addresses, and destination services. We conclude by presenting several open problems that prevent us from blocking unnamed traffic for security reasons.

Originalsprog	Engelsk
Titel	NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium : Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022
Redaktører	Pal Varga, Lisandro Zambenedetti Granville, Alex Galis, Istvan Godor, Noura Limam, Prosper Chemouil, Jerome Francois, Marc-Oliver Pahl
Forlag	IEEE
Publikationsdato	2022
Sider	1-5
Artikelnummer	9789854
ISBN (Trykt)	978-1-6654-0602-4
ISBN (Elektronisk)	9781665406017
DOI	https://doi.org/10.1109/NOMS54207.2022.9789854
Status	Udgivet - 2022
Begivenhed	IEEE Symposium on Network Operations and Management - Budapest, Ungarn Varighed: 25 apr. 2023 → 29 apr. 2023

Konference

Konference	IEEE Symposium on Network Operations and Management
Land/Område	Ungarn
By	Budapest
Periode	25/04/2023 → 29/04/2023

Navn	IEEE/IFIP Network Operations and Management Symposium
ISSN	2374-9709

Bibliografisk note

DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

Adgang til dokumentet

10.1109/NOMS54207.2022.9789854

JMY_Understanding the Challenges of BlockingAccepteret manuskript, 246 KB

AUB Link

Søg efter materialet i Aalborg Universitetsbiblioteks søgemaskine

Andre filer og links

Link to publication in Scopus

Citationsformater

Hageman, K., Kidmose, E., Hansen, R. R., & Pedersen, J. M. (2022). Understanding the Challenges of Blocking Unnamed Network Traffic. I P. Varga, L. Z. Granville, A. Galis, I. Godor, N. Limam, P. Chemouil, J. Francois, & M-O. Pahl (red.), NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium: Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022 (s. 1-5). Artikel 9789854 IEEE. https://doi.org/10.1109/NOMS54207.2022.9789854

Hageman, Kaspar ; Kidmose, Egon ; Hansen, René Rydhof et al. / Understanding the Challenges of Blocking Unnamed Network Traffic. NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium: Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022. red. / Pal Varga ; Lisandro Zambenedetti Granville ; Alex Galis ; Istvan Godor ; Noura Limam ; Prosper Chemouil ; Jerome Francois ; Marc-Oliver Pahl. IEEE, 2022. s. 1-5 (IEEE/IFIP Network Operations and Management Symposium).

@inproceedings{d474c72664fa4884a3beaeda552c4963,

title = "Understanding the Challenges of Blocking Unnamed Network Traffic.",

abstract = "Network traffic that is not preceded by any Domain Name System (DNS) resolutions is referred to as unnamed traffic. Any DNS-based security system is ineffective against malicious content distributed through this traffic. In this paper, we introduce a novel method for identifying unnamed traffic based on the correlation of flows and DNS responses extracted from raw network traces. We describe two challenges that affect the validity of our method, and how to handle them. By applying our method to a one-week trace of network traffic, we illustrate that unnamed traffic is ubiquitous in a university network across nearly all client systems, destination IP addresses, and destination services. We conclude by presenting several open problems that prevent us from blocking unnamed traffic for security reasons.",

keywords = "DNS, network flows, network security, unnamed traffic",

author = "Kaspar Hageman and Egon Kidmose and Hansen, {Ren{\'e} Rydhof} and Pedersen, {Jens Myrup}",

note = "DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.; IEEE Symposium on Network Operations and Management, NOMS ; Conference date: 25-04-2023 Through 29-04-2023",

year = "2022",

doi = "10.1109/NOMS54207.2022.9789854",

language = "English",

isbn = "978-1-6654-0602-4",

series = "IEEE/IFIP Network Operations and Management Symposium",

publisher = "IEEE",

pages = "1--5",

editor = "Pal Varga and Granville, {Lisandro Zambenedetti} and Alex Galis and Istvan Godor and Noura Limam and Prosper Chemouil and Jerome Francois and Marc-Oliver Pahl",

booktitle = "NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium",

address = "United States",

}

Hageman, K, Kidmose, E, Hansen, RR & Pedersen, JM 2022, Understanding the Challenges of Blocking Unnamed Network Traffic. i P Varga, LZ Granville, A Galis, I Godor, N Limam, P Chemouil, J Francois & M-O Pahl (red), NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium: Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022., 9789854, IEEE, IEEE/IFIP Network Operations and Management Symposium, s. 1-5, IEEE Symposium on Network Operations and Management, Budapest, Ungarn, 25/04/2023. https://doi.org/10.1109/NOMS54207.2022.9789854

Understanding the Challenges of Blocking Unnamed Network Traffic. / Hageman, Kaspar; Kidmose, Egon; Hansen, René Rydhof et al.
NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium: Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022. red. / Pal Varga; Lisandro Zambenedetti Granville; Alex Galis; Istvan Godor; Noura Limam; Prosper Chemouil; Jerome Francois; Marc-Oliver Pahl. IEEE, 2022. s. 1-5 9789854 (IEEE/IFIP Network Operations and Management Symposium).

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

TY - GEN

T1 - Understanding the Challenges of Blocking Unnamed Network Traffic.

AU - Hageman, Kaspar

AU - Kidmose, Egon

AU - Hansen, René Rydhof

AU - Pedersen, Jens Myrup

N1 - DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

PY - 2022

Y1 - 2022

N2 - Network traffic that is not preceded by any Domain Name System (DNS) resolutions is referred to as unnamed traffic. Any DNS-based security system is ineffective against malicious content distributed through this traffic. In this paper, we introduce a novel method for identifying unnamed traffic based on the correlation of flows and DNS responses extracted from raw network traces. We describe two challenges that affect the validity of our method, and how to handle them. By applying our method to a one-week trace of network traffic, we illustrate that unnamed traffic is ubiquitous in a university network across nearly all client systems, destination IP addresses, and destination services. We conclude by presenting several open problems that prevent us from blocking unnamed traffic for security reasons.

AB - Network traffic that is not preceded by any Domain Name System (DNS) resolutions is referred to as unnamed traffic. Any DNS-based security system is ineffective against malicious content distributed through this traffic. In this paper, we introduce a novel method for identifying unnamed traffic based on the correlation of flows and DNS responses extracted from raw network traces. We describe two challenges that affect the validity of our method, and how to handle them. By applying our method to a one-week trace of network traffic, we illustrate that unnamed traffic is ubiquitous in a university network across nearly all client systems, destination IP addresses, and destination services. We conclude by presenting several open problems that prevent us from blocking unnamed traffic for security reasons.

KW - DNS

KW - network flows

KW - network security

KW - unnamed traffic

UR - http://www.scopus.com/inward/record.url?scp=85133162054&partnerID=8YFLogxK

U2 - 10.1109/NOMS54207.2022.9789854

DO - 10.1109/NOMS54207.2022.9789854

M3 - Article in proceeding

SN - 978-1-6654-0602-4

T3 - IEEE/IFIP Network Operations and Management Symposium

SP - 1

EP - 5

BT - NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium

A2 - Varga, Pal

A2 - Granville, Lisandro Zambenedetti

A2 - Galis, Alex

A2 - Godor, Istvan

A2 - Limam, Noura

A2 - Chemouil, Prosper

A2 - Francois, Jerome

A2 - Pahl, Marc-Oliver

PB - IEEE

T2 - IEEE Symposium on Network Operations and Management

Y2 - 25 April 2023 through 29 April 2023

ER -

Hageman K, Kidmose E, Hansen RR , Pedersen JM. Understanding the Challenges of Blocking Unnamed Network Traffic. I Varga P, Granville LZ, Galis A, Godor I, Limam N, Chemouil P, Francois J, Pahl M-O, red., NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium: Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022. IEEE. 2022. s. 1-5. 9789854. (IEEE/IFIP Network Operations and Management Symposium). doi: 10.1109/NOMS54207.2022.9789854

Understanding the Challenges of Blocking Unnamed Network Traffic.

Abstract

Konference

Bibliografisk note

Adgang til dokumentet

AUB Link

Andre filer og links

Fingeraftryk

Citationsformater