Fully Qualified Domain Name Research Articles

Extraction and Prediction of User Communication Behaviors From DNS Query Logs Based on Nonnegative Tensor Factorization

Owing to the critical role of the domain name system (DNS), its query log data are utilized for various network monitoring purposes. With the diversification of network services, these data have become increasingly complex, making mining useful information challenging. DNS query log data can be considered as the superposition of two types of communication patterns: groups of domains accessed simultaneously (e.g., ad servers and content delivery network (CDN) servers) and time-series access patterns based on user behavior characteristics (e.g., access trends during the night). However, previous studies have not focused on extracting both access patterns hidden in the data. This study proposes a method that extracts both patterns of accessed domains and temporal access patterns as user communication behaviors from DNS query log data and predicts future accesses based on these patterns. The proposed method first aggregates similar fully qualified domain names (FQDNs) associated with the same service. We then present temporal regularized nonnegative tensor factorization (TR-NTF) that extracts both access patterns from a third-order tensor expressing DNS query log data and enables prediction. We evaluate the proposed method using synthetic and actual data and demonstrate that it successfully extracts hidden communication patterns and achieves sufficient prediction accuracy.

Analyzing temporal graphs of malware distribution networks

This research provides temporal insight on network topological structures, as well as transitional properties and malware attribution of malware distribution networks. This is accomplished with a temporal-based data set created using a novel data fusion of publicly-available data sources. We developed and used a crawler, along with public APIs, to collect publicly-available data of malicious top-level domains and relevant hosted malware from Google Safe Browsing and VirusTotal for an eight-month period between 19 January and 25 September of 2017. We then combined these data sources, which revealed new insight on fully qualified domain name topological network structure properties and temporal transitions not appreciable from the individual data sources. We have provided the technical details of our novel data fusion approach to GSB and VT static data. The result of this data fusion was the creation of new observable knowledge, primarily temporal-based structural changes and malware attribution within the distribution network, which is not available by analyzing the static data of GSB and VT in isolation. Data revealing details of malware-hosting on a domain brought to light topological structures of fully-qualified domain names involved in the distribution of malicious files. Our insights include: 1) malware distribution networks form clusters that follow the Power law, 2) network structure components such as bridges and hubs (both concepts presented and defined in this paper), and URL shortening providers serve significant roles in malware distribution dynamics, 3) persistence of fully-qualified domain names in malware distribution is random and often used only once to host malware, 4) a large number of unique, downloaded malicious files hosted on various nodes in a malware distribution network were found to belong to a much smaller set of malware families. These observed insights revealed continued persistence of surrounding topological structures. These topological structures were streaming malicious data flows to fully-qualified domain names identified as actively hosting malware before and after the date of identification. The insights further suggest large topological structures with data flow distributing malware persist over time with small sub-structural changes. We have provided suggestions on preventing sustained malicious data flows based on our temporal observations of bridge and hub structures. Individual persistent fully-qualified domain names within these large structures repeatedly served as either a source or an intermediate node of malicious data flows. This implies that the continued monitoring of data flows can serve to alert early-stage malware distribution.

Using Media Independent Handover to Support PMIPv6 Inter-domain Mobility Based Vehicular Networks

Proxy Mobile IPv6 (PMIPv6) was proposed by the Internet Engineering Task Force (IETF) as a new network-based mobility protocol which does not require the involvement of MN’s in any form of mobility management. MN can handover relatively faster in PMIPv6 than in host-based mobility protocols (e.g. Mobile IPv6 (MIPv6)) because it actively uses link-layer attachment information which reduces the movement detection time, and eliminates duplicate address detection procedures. However, the current PMIPv6 cannot provide continuous mobility support for MN when roaming between different PMIPv6 domains; we introduce a novel inter-domain PMIPv6 scheme to support seamless handover for vehicle in motion to support continuous and seamless connection while roaming in the new PMIPv6 domain. In this paper we analytically evaluate our proposed scheme to support inter-domain mobility for vehicle roaming between two PMIPv6 domains by using Media Independent Handover (MIH) and Fully Qualified Domain Name (FQDN) to support the handover in addition to a continuous connection.

Software-defined Naming, Discovery and Session Control for IoT Devices and Smart Phones in the Constraint Networks

This paper suggests the naming for Internet of Things (IoT) devices where a Fully Qualified Domain Name (FQDN) is assigned to each device instead of the IP address. This naming method enables the user equipments (UEs) to reach IoT devices easily. Nowadays, one of the main challenges in IoT is the discovery scheme. This paper explores the discovery scheme that can operate under the current DNS and its legacy Resource Record (RR) format. The IoT device with the group name of GrpN, the domain of example.com and the device name of IoT77 can be discovered by means of the URL: GrpN.example.com/IoTD77. This paper explores how the UE behind the Network Address Translation (NAT) device discovers the destination IoT devices and establishes IoT Device-to-User Equipment (D2U) data session under the condition that IoT access networks tend to be constraint networks. Here, the discovery and session establishment processes are controlled by the software-defined control plane controller.

Resource Name-Based Routing in the Network Layer

New network architectures and routing technologies are being proposed to reflect the changes in the current trend of Internet communication that are becoming more and more resource-centric; the demand for the hierarchically structured resource in the network is emphasized, not the location of the resource. Therefore, routing by the resource rather than routing by the conventional Internet protocol address is more suitable for the future Internet with some attractive advantages such as reducing the burden of resolving identifier to location and achieving higher scalability by using a provider-independent addressing structure. In this paper, we propose resource name-based routing within the routers in the network layer since te ardware architecture should also be able to support the paradigm shift from host-centric to resource-centric communication. Through evaluating the required network architecture and memory size in routers, we show the feasibility of resource name-based routing by using fully qualified domain names (FQDN) as an example of describing structured information. Using approximately 700 million existing FQDNs, the evaluation result shows that resource name-based routing is feasible even when considering the limitations of ternary content addressable memory size in routers.

Using Media Independent Handover to Support PMIPv6 Inter-domain Mobility Based Vehicular Networks

Proxy Mobile IPv6 (PMIPv6) was proposed by the Internet Engineering Task Force (IETF) as a new network-based mobility protocol which does not require the involvement of MN’s in any form of mobility management. MN can handover relatively faster in PMIPv6 than in host-based mobility protocols (e.g. Mobile IPv6 (MIPv6)) because it actively uses link-layer attachment information which reduces the movement detection time, and eliminates duplicate address detection procedures. However, the current PMIPv6 cannot provide continuous mobility support for MN when roaming between different PMIPv6 domains; we introduce a novel inter-domain PMIPv6 scheme to support seamless handover for vehicle in motion to support continuous and seamless connection while roaming in the new PMIPv6 domain. In this paper we analytically evaluate our proposed scheme to support inter-domain mobility for vehicle roaming between two PMIPv6 domains by using Media Independent Handover (MIH) and Fully Qualified Domain Name (FQDN) to support the handover in addition to a continuous connection.

Improving Inter-Domain Fast Handover Using MIH Services in Mobile WiMAX

Recently, the IP connectivity during the Mobile Node (MN) movement between Base Stations (BSs) belonging to different Internet Service Providers (ISPs) is still a key issue to be tackled. In this paper, therefore, we develop a new scheme to improve the performance of inter-domain fast handover over mobile WiMAX networks. The framework basically relies on the Fast Handover for Mobile IPv6 protocol (FMIPv6) when the Media Independent Information Services (MIIS) as defined in IEEE802.21 standard is applied to enable the Mobile Node in storing the information of the neighboring networks. A Fully Qualified Domain Name (FQDN) is also used to identify the IP address of the previous network operator and the MN during its movements. Since both MIIS and FQDN can support the node mobility between multiple domains, our proposed scheme can also be called P-FMIPv6. The numerical results show that the latency of IP connectivity of this proposed handover can be significantly reduced in addition to less service disruption time during handovers as compared to the existing FMIPv6 when IEEE802.16e network is considered.

Inter-domain Proxy Mobile IPv6 based Vehicular Network

Proxy Mobile IPv6 (PMIPv6) was standardized by the Internet Engineering Task Force (IETF) NetLMM WG as a Network-based Mobility management protocol, this protocol allows the Mobile Node (MN) to maintain service connectivity while moving within the PMIPv6 domain. PMIPv6 mobility management is different from the Host-based Mobility management protocols; where the mobility signaling management is controlled by the serving network on behalf of the MN. PMIPv6 introduced new network entities to handle the signaling on behalf of the MN. However, PMIPv6 protocol can only manage the MN’s reachability within a local domain (intra-domain). If the MN moves beyond the perimeter of PMIPv6 domain, the mobility support will be lost. To provide MN continuous support across domains, PMIPv6 needs to be developed to support interconnect neighboring PMIPv6 domains. In this paper we propose an inter-domain handover scheme. The proposed scheme uses the Media Independent Information Service (MIIS) to help the vehicle store information about the network that it is attached with. In addition the Local Mobile Anchor (LMA) will use Fully Qualified Domain Name (FQDN).

Challenge and solutions of NAT traversal for ubiquitous and pervasive applications on the Internet

Network Address Translator (NAT) has brought up many changes and opportunities to the Internet. How do the ubiquitous and pervasive applications coexist with NAT and interoperate with each other? In this article, we discuss the essence of NAT sensitive applications as well as the challenge and response for various NAT traversal solutions. All questions pointed to redesign a new NAT framework with a major change to accommodate NAT problems all at once. We introduce a novel next generation NAT (NATng) framework, which consists of a Bi-directional NAT (BNAT) and a Domain Name System Application Level Gateway (DNS_ALG) with a Border Network Address Translator Control Protocol (BNATCP) function to control all BNATs. The above components coordinate and provide bidirectional access capability between intranet and Internet, so all private hosts can be addressed via Fully Qualified Domain Name (FQDN). Logistically, NATng extends the IPv4 address space from 2 32 to 2 48 or even more. It features high potential to solve the problems for ubiquitous and pervasive applications which may encounter IPv4 address exhaustion on the current Internet.

Statistical Study of Unusual DNS Query Traffic

We statistically investigated on the unusual big DNS resolution tra±c toward the top domain DNS server from a university local campus network in April 11th, 2006. The following results are obtained: (1) In April 11th, the DNS query tra±c includes a lot of fully qualified domain names (FQDNs) of several specific web sites as name resolution keywords. (2) Also, the DNS query traffic includes a plenty of source IP addresses of PC clients. Also (3), the several DNS query keywords including speci¯c well-known web sites can be found in the DNS traffic. Therefore, it can be concluded that we can detect the unusual tra±c and bots worm activity (DDoS attacks and/or prescannings) by assuming a threshold based statistifical detection model and checking the several specific keywords of web sites in the DNS resolution traffic.

A simulation platform

Electronic NUmber Mapping (ENUM)[1] System, a suite of protocols developed by IETF is one of the simplest approach which permits communicating from the telephony to the Internet Protocol (IP) world and vice versa in a seamless manner. Implementing ENUM is simple because it uses the existing Domain Name System (DNS) to store and serve the information linking PSTN telephone numbers to network addresses and services (email address, SIP phone number etc.). Explanation of how a telephone number is converted to a Fully Qualified Domain Name (FQDN) is shown in fig.1.

정크메일 차단을 위한 FQDN 확인 시스템의 구현 및 평가

인터넷 사용의 급격한 증가로 전자우편은 모든 분야에서 가장 보편적인 통신 수단이 되었다. 하지만 전자우편의 사용 급증으로 사용자들의 전자우편 주소가 인터넷상에 노출되고 그 부작용으로 정크 메일, 스팸 메일이라 불리는 수신을 원하지 않는 메일의 수신빈도와 그로 인한 피해가 갈수록 높아져 그 문제가 심각한 수준에 이르게 되었다. 더구나 근래의 스팸, 정크 메일은 단순히 광고성 메시지를 전달하기 보다는 시스템을 공격하기 위한 바이러스나 해킹 도구를 전파하는 수단으로 이용되어 컴퓨터 침해 사고의 심각한 원인으로 지적되고 있다. 따라서 본 논문에서는 이러한 스팸, 정크 메일을 FQDN 확인을 통해 차단할 수 있는 모델을 구현해서 사용해 보고 그 결과를 평가하여 개선 방향을 제시하였다. Internet mail has become a common communication method around the world because of tremendous Internet service usage increment. In other respect, Most Internet users' mail addresses are exposed to spammer, and the damage of Junk mail is growing bigger and bigger. These days, Junk mail delivery problem is becoming more serious, because this is used for an attack or propagation scheme of malicious code. It's a most dangerous dominant cause for computer system accident. This paper shows the Junk mail filtering model and implementation which is based on FQDN (Fully Qualified Domain Name) check and evaluates it for proposing advanced scheme against Junk mail.

Global mobile IPv6 addressing using transition mechanisms

The adoption of the Internet Protocol in mobile and wireless technologies has considerably increased the number of hosts that can potentially access the global Internet. IPv6 is considered the long term solution for the IPv4 address shortage problem, but the transition from IPv4 to IPv6 is supposed to be very gradual. Therefore, there will be a long time during which both protocol versions will coexist. To facilitate transition, the IETF has set up a work group called NGTRANS (Next Generation TRANSition) which specifies mechanisms for supporting interoperability between IPv4 and IPv6. This paper describes a new approach for implementing mobile networks with global Internet connectivity using transition mechanisms. It consists in virtually assigning IPv6 addresses to IPv4 hosts without modifying end-user devices by introducing a transparent gateway in the mobile network. The mobile hosts with virtual IPv6 addresses are uniquely addressed through the global IPv4 Internet by using IPv6 addresses from the standard 6to4 addressing scheme or Fully Qualified Domain Names (FQDN). This "extended" transition mechanism permits to deploy mobile networks with global Internet connectivity without requiring public IPv4 addresses, using legacy IPv4 user devices. The mobile hosts with virtual IPv6 addresses can communicate to other hosts with virtual IPv6 addresses or with "true " IPv6 networks.